Check new AAD fields added by rule types (#174422)

This PR adds an integration test to prevent rule types from adding fields without approval --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2025-04-24 01:38:56 -04:00 · 2024-01-08 22:59:21 +01:00 · 2024-01-08 22:59:21 +01:00 · c80aa0e36f
commit c80aa0e36f
parent 787f34e34f
6 changed files with 9772 additions and 1 deletions
--- a/x-pack/plugins/alerting/jest.integration.config.js
+++ b/x-pack/plugins/alerting/jest.integration.config.js
@ -0,0 +1,12 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+module.exports = {
+  preset: '@kbn/test/jest_integration',
+  rootDir: '../../..',
+  roots: ['<rootDir>/x-pack/plugins/alerting'],
+};
--- a/x-pack/plugins/alerting/server/integration_tests/snapshots/alert_as_data_fields.test.ts.snap
+++ b/x-pack/plugins/alerting/server/integration_tests/snapshots/alert_as_data_fields.test.ts.snap
--- a/x-pack/plugins/alerting/server/integration_tests/alert_as_data_fields.test.ts
+++ b/x-pack/plugins/alerting/server/integration_tests/alert_as_data_fields.test.ts
@ -0,0 +1,107 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { TestElasticsearchUtils, TestKibanaUtils } from '@kbn/core-test-helpers-kbn-server';
+import { setupTestServers } from './lib';
+import type { RuleTypeRegistry } from '../rule_type_registry';
+
+jest.mock('../rule_type_registry', () => {
+  const actual = jest.requireActual('../rule_type_registry');
+  return {
+    ...actual,
+    RuleTypeRegistry: jest.fn().mockImplementation((opts) => {
+      return new actual.RuleTypeRegistry(opts);
+    }),
+  };
+});
+
+const ruleTypes: string[] = [
+  'transform_health',
+  '.index-threshold',
+  '.geo-containment',
+  '.es-query',
+  'xpack.ml.anomaly_detection_alert',
+  'xpack.ml.anomaly_detection_jobs_health',
+  'slo.rules.burnRate',
+  'observability.rules.custom_threshold',
+  'xpack.uptime.alerts.monitorStatus',
+  'xpack.uptime.alerts.tlsCertificate',
+  'xpack.uptime.alerts.durationAnomaly',
+  'xpack.uptime.alerts.tls',
+  'xpack.synthetics.alerts.monitorStatus',
+  'xpack.synthetics.alerts.tls',
+  'logs.alert.document.count',
+  'metrics.alert.inventory.threshold',
+  'metrics.alert.threshold',
+  'monitoring_alert_cluster_health',
+  'monitoring_alert_license_expiration',
+  'monitoring_alert_cpu_usage',
+  'monitoring_alert_missing_monitoring_data',
+  'monitoring_alert_disk_usage',
+  'monitoring_alert_thread_pool_search_rejections',
+  'monitoring_alert_thread_pool_write_rejections',
+  'monitoring_alert_jvm_memory_usage',
+  'monitoring_alert_nodes_changed',
+  'monitoring_alert_logstash_version_mismatch',
+  'monitoring_alert_kibana_version_mismatch',
+  'monitoring_alert_elasticsearch_version_mismatch',
+  'monitoring_ccr_read_exceptions',
+  'monitoring_shard_size',
+  'apm.transaction_duration',
+  'apm.anomaly',
+  'apm.error_rate',
+  'apm.transaction_error_rate',
+  'siem.eqlRule',
+  'siem.esqlRule',
+  'siem.savedQueryRule',
+  'siem.indicatorRule',
+  'siem.mlRule',
+  'siem.queryRule',
+  'siem.thresholdRule',
+  'siem.newTermsRule',
+  'siem.notifications',
+];
+
+describe('Alert as data fields checks', () => {
+  let esServer: TestElasticsearchUtils;
+  let kibanaServer: TestKibanaUtils;
+  let ruleTypeRegistry: RuleTypeRegistry;
+
+  beforeAll(async () => {
+    const setupResult = await setupTestServers();
+    esServer = setupResult.esServer;
+    kibanaServer = setupResult.kibanaServer;
+
+    const mockedRuleTypeRegistry = jest.requireMock('../rule_type_registry');
+    expect(mockedRuleTypeRegistry.RuleTypeRegistry).toHaveBeenCalledTimes(1);
+    ruleTypeRegistry = mockedRuleTypeRegistry.RuleTypeRegistry.mock.results[0].value;
+  });
+
+  afterAll(async () => {
+    if (kibanaServer) {
+      await kibanaServer.stop();
+    }
+    if (esServer) {
+      await esServer.stop();
+    }
+  });
+
+  /**
+   * This test is necessary to ensure the array is up to date so we can run tests
+   * on all the rule types.
+   */
+  test('ensure rule types list up to date', async () => {
+    expect(ruleTypes).toEqual(ruleTypeRegistry.getAllTypes());
+  });
+
+  for (const ruleTypeId of ruleTypes) {
+    test(`detect AAD fields changes for: ${ruleTypeId}`, async () => {
+      const ruleType = ruleTypeRegistry.get(ruleTypeId);
+      expect(ruleType.alerts?.mappings).toMatchSnapshot();
+    });
+  }
+});
--- a/x-pack/plugins/alerting/server/integration_tests/lib/index.ts
+++ b/x-pack/plugins/alerting/server/integration_tests/lib/index.ts
@ -0,0 +1,8 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export { setupTestServers } from './setup_test_servers';
--- a/x-pack/plugins/alerting/server/integration_tests/lib/setup_test_servers.ts
+++ b/x-pack/plugins/alerting/server/integration_tests/lib/setup_test_servers.ts
@ -0,0 +1,56 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import deepmerge from 'deepmerge';
+import { createTestServers, createRootWithCorePlugins } from '@kbn/core-test-helpers-kbn-server';
+
+export async function setupTestServers(settings = {}) {
+  const { startES } = createTestServers({
+    adjustTimeout: (t) => jest.setTimeout(t),
+    settings: {
+      es: {
+        license: 'trial',
+      },
+    },
+  });
+
+  const esServer = await startES();
+
+  const root = createRootWithCorePlugins(
+    deepmerge(
+      {
+        logging: {
+          root: {
+            level: 'warn',
+          },
+          loggers: [
+            {
+              name: 'plugins.taskManager',
+              level: 'all',
+            },
+          ],
+        },
+      },
+      settings
+    ),
+    { oss: false }
+  );
+
+  await root.preboot();
+  const coreSetup = await root.setup();
+  const coreStart = await root.start();
+
+  return {
+    esServer,
+    kibanaServer: {
+      root,
+      coreSetup,
+      coreStart,
+      stop: async () => await root.shutdown(),
+    },
+  };
+}
--- a/x-pack/plugins/alerting/tsconfig.json
+++ b/x-pack/plugins/alerting/tsconfig.json
@ -63,7 +63,8 @@
    "@kbn/core-application-common",
    "@kbn/core-saved-objects-api-server",
    "@kbn/alerts-ui-shared",
-    "@kbn/core-http-browser"
+    "@kbn/core-http-browser",
+    "@kbn/core-test-helpers-kbn-server"
  ],
  "exclude": ["target/**/*"]
 }