diff --git a/x-pack/test/detection_engine_api_integration/basic/tests/coverage_overview.ts b/x-pack/test/detection_engine_api_integration/basic/tests/coverage_overview.ts index d7427a24657faf..d5e827d545a68e 100644 --- a/x-pack/test/detection_engine_api_integration/basic/tests/coverage_overview.ts +++ b/x-pack/test/detection_engine_api_integration/basic/tests/coverage_overview.ts @@ -351,7 +351,7 @@ export default ({ getService }: FtrProviderContext): void => { threat: generateThreatArray(1), }), ]); - await installPrebuiltRulesAndTimelines(supertest); + await installPrebuiltRulesAndTimelines(es, supertest); const expectedRule = await createRule(supertest, log, { ...getSimpleRule('rule-1'), diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/bundled_prebuilt_rules_package/install_latest_bundled_prebuilt_rules.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/bundled_prebuilt_rules_package/install_latest_bundled_prebuilt_rules.ts index 97717f00773d9b..d9f710ba6afcf1 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/bundled_prebuilt_rules_package/install_latest_bundled_prebuilt_rules.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/bundled_prebuilt_rules_package/install_latest_bundled_prebuilt_rules.ts @@ -15,6 +15,7 @@ import { ALL_SAVED_OBJECT_INDICES } from '@kbn/core-saved-objects-server'; import { FtrProviderContext } from '../../common/ftr_provider_context'; import { deleteAllPrebuiltRuleAssets, deleteAllRules } from '../../utils'; import { getPrebuiltRulesStatus } from '../../utils/prebuilt_rules/get_prebuilt_rules_status'; +import { installPrebuiltRulesPackageByVersion } from '../../utils/prebuilt_rules/install_fleet_package_by_url'; // eslint-disable-next-line import/no-default-export export default ({ getService }: FtrProviderContext): void => { @@ -55,18 +56,17 @@ export default ({ getService }: FtrProviderContext): void => { expect(statusBeforePackageInstallation.stats.num_prebuilt_rules_to_install).toBe(0); expect(statusBeforePackageInstallation.stats.num_prebuilt_rules_to_upgrade).toBe(0); - const EPM_URL = `/api/fleet/epm/packages/security_detection_engine/99.0.0`; - - const bundledInstallResponse = await supertest - .post(EPM_URL) - .set('kbn-xsrf', 'xxxx') - .type('application/json') - .send({ force: true }) - .expect(200); + const bundledInstallResponse = await installPrebuiltRulesPackageByVersion( + es, + supertest, + '99.0.0' + ); // As opposed to "registry" - expect(bundledInstallResponse.body._meta.install_source).toBe('bundled'); + expect(bundledInstallResponse._meta.install_source).toBe('bundled'); + // Refresh ES indices to avoid race conditions between write and reading of indeces + // See implementation utility function at x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/install_prebuilt_rules_fleet_package.ts await es.indices.refresh({ index: ALL_SAVED_OBJECT_INDICES }); // Verify that status is updated after package installation diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/bundled_prebuilt_rules_package/prerelease_packages.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/bundled_prebuilt_rules_package/prerelease_packages.ts index b1c32bf0e245e5..fd69e3128c3e7f 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/bundled_prebuilt_rules_package/prerelease_packages.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/bundled_prebuilt_rules_package/prerelease_packages.ts @@ -4,11 +4,10 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ -import { ALL_SAVED_OBJECT_INDICES } from '@kbn/core-saved-objects-server'; -import { DETECTION_ENGINE_RULES_URL_FIND } from '@kbn/security-solution-plugin/common/constants'; import expect from 'expect'; import { FtrProviderContext } from '../../common/ftr_provider_context'; import { deleteAllPrebuiltRuleAssets, deleteAllRules } from '../../utils'; +import { getInstalledRules } from '../../utils/prebuilt_rules/get_installed_rules'; import { getPrebuiltRulesStatus } from '../../utils/prebuilt_rules/get_prebuilt_rules_status'; import { installPrebuiltRules } from '../../utils/prebuilt_rules/install_prebuilt_rules'; @@ -38,8 +37,7 @@ export default ({ getService }: FtrProviderContext): void => { expect(statusBeforePackageInstallation.stats.num_prebuilt_rules_to_install).toBe(0); expect(statusBeforePackageInstallation.stats.num_prebuilt_rules_to_upgrade).toBe(0); - await installPrebuiltRules(supertest); - await es.indices.refresh({ index: ALL_SAVED_OBJECT_INDICES }); + await installPrebuiltRules(es, supertest); // Verify that status is updated after package installation const statusAfterPackageInstallation = await getPrebuiltRulesStatus(supertest); @@ -48,11 +46,7 @@ export default ({ getService }: FtrProviderContext): void => { expect(statusAfterPackageInstallation.stats.num_prebuilt_rules_to_upgrade).toBe(0); // Get installed rules - const { body: rulesResponse } = await supertest - .get(DETECTION_ENGINE_RULES_URL_FIND) - .set('kbn-xsrf', 'true') - .send() - .expect(200); + const rulesResponse = await getInstalledRules(supertest); // Assert that installed rules are from package 99.0.0 and not from prerelease (beta) package expect(rulesResponse.data.length).toBe(1); diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/large_prebuilt_rules_package/install_large_prebuilt_rules_package.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/large_prebuilt_rules_package/install_large_prebuilt_rules_package.ts index 9dd5e695c37729..c047413bdb90ab 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/large_prebuilt_rules_package/install_large_prebuilt_rules_package.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/large_prebuilt_rules_package/install_large_prebuilt_rules_package.ts @@ -5,7 +5,6 @@ * 2.0. */ import expect from 'expect'; -import { ALL_SAVED_OBJECT_INDICES } from '@kbn/core-saved-objects-server'; import { FtrProviderContext } from '../../common/ftr_provider_context'; import { deleteAllRules, getPrebuiltRulesAndTimelinesStatus } from '../../utils'; import { deleteAllPrebuiltRuleAssets } from '../../utils/prebuilt_rules/delete_all_prebuilt_rule_assets'; @@ -36,8 +35,7 @@ export default ({ getService }: FtrProviderContext): void => { expect(statusBeforePackageInstallation.rules_not_updated).toBe(0); // Install the package with 15000 prebuilt historical version of rules rules and 750 unique rules - await installPrebuiltRulesAndTimelines(supertest); - await es.indices.refresh({ index: ALL_SAVED_OBJECT_INDICES }); + await installPrebuiltRulesAndTimelines(es, supertest); // Verify that status is updated after package installation const statusAfterPackageInstallation = await getPrebuiltRulesAndTimelinesStatus(supertest); diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/prebuilt_rules/fleet_integration.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/prebuilt_rules/fleet_integration.ts index e48530ad16513b..1433cb7cac2fff 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/prebuilt_rules/fleet_integration.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/prebuilt_rules/fleet_integration.ts @@ -5,7 +5,6 @@ * 2.0. */ import expect from 'expect'; -import { ALL_SAVED_OBJECT_INDICES } from '@kbn/core-saved-objects-server'; import { FtrProviderContext } from '../../common/ftr_provider_context'; import { deleteAllRules, @@ -43,24 +42,11 @@ export default ({ getService }: FtrProviderContext): void => { expect(statusBeforePackageInstallation.rules_not_updated).toBe(0); await installPrebuiltRulesFleetPackage({ + es, supertest, overrideExistingPackage: true, }); - // Before we proceed, we need to refresh saved object indices. This comment will explain why. - // At the previous step we installed the Fleet package with prebuilt detection rules. - // Prebuilt rules are assets that Fleet indexes as saved objects of a certain type. - // Fleet does this via a savedObjectsClient.import() call with explicit `refresh: false`. - // So, despite of the fact that the endpoint waits until the prebuilt rule assets will be - // successfully indexed, it doesn't wait until they become "visible" for subsequent read - // operations. Which is what we do next: we read these SOs in getPrebuiltRulesAndTimelinesStatus(). - // Now, the time left until the next refresh can be anything from 0 to the default value, and - // it depends on the time when savedObjectsClient.import() call happens relative to the time of - // the next refresh. Also, probably the refresh time can be delayed when ES is under load? - // Anyway, here we have a race condition between a write and subsequent read operation, and to - // fix it deterministically we have to refresh saved object indices and wait until it's done. - await es.indices.refresh({ index: ALL_SAVED_OBJECT_INDICES }); - // Verify that status is updated after package installation const statusAfterPackageInstallation = await getPrebuiltRulesAndTimelinesStatus(supertest); expect(statusAfterPackageInstallation.rules_installed).toBe(0); @@ -68,19 +54,10 @@ export default ({ getService }: FtrProviderContext): void => { expect(statusAfterPackageInstallation.rules_not_updated).toBe(0); // Verify that all previously not installed rules were installed - const response = await installPrebuiltRulesAndTimelines(supertest); + const response = await installPrebuiltRulesAndTimelines(es, supertest); expect(response.rules_installed).toBe(statusAfterPackageInstallation.rules_not_installed); expect(response.rules_updated).toBe(0); - // Similar to the previous refresh, we need to do it again between the two operations: - // - previous write operation: install prebuilt rules and timelines - // - subsequent read operation: get prebuilt rules and timelines status - // You may ask why? I'm not sure, probably because the write operation can install the Fleet - // package under certain circumstances, and it all works with `refresh: false` again. - // Anyway, there were flaky runs failing specifically at one of the next assertions, - // which means some kind of the same race condition we have here too. - await es.indices.refresh({ index: ALL_SAVED_OBJECT_INDICES }); - // Verify that status is updated after rules installation const statusAfterRuleInstallation = await getPrebuiltRulesAndTimelinesStatus(supertest); expect(statusAfterRuleInstallation.rules_installed).toBe(response.rules_installed); diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/prebuilt_rules/get_prebuilt_rules_status.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/prebuilt_rules/get_prebuilt_rules_status.ts index ee5730cee39a86..ae43e3bdd50982 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/prebuilt_rules/get_prebuilt_rules_status.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/prebuilt_rules/get_prebuilt_rules_status.ts @@ -82,7 +82,7 @@ export default ({ getService }: FtrProviderContext): void => { it('should return the number of installed prebuilt rules after installing them', async () => { await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - await installPrebuiltRules(supertest); + await installPrebuiltRules(es, supertest); const { stats } = await getPrebuiltRulesStatus(supertest); expect(stats).toMatchObject({ @@ -95,7 +95,7 @@ export default ({ getService }: FtrProviderContext): void => { it('should notify the user again that a rule is available for install after it is deleted', async () => { await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - await installPrebuiltRules(supertest); + await installPrebuiltRules(es, supertest); await deleteRule(supertest, 'rule-1'); const { stats } = await getPrebuiltRulesStatus(supertest); @@ -110,7 +110,7 @@ export default ({ getService }: FtrProviderContext): void => { it('should return available rule updates', async () => { const ruleAssetSavedObjects = getRuleAssetSavedObjects(); await createPrebuiltRuleAssetSavedObjects(es, ruleAssetSavedObjects); - await installPrebuiltRules(supertest); + await installPrebuiltRules(es, supertest); // Clear previous rule assets await deleteAllPrebuiltRuleAssets(es); @@ -130,7 +130,7 @@ export default ({ getService }: FtrProviderContext): void => { it('should not return any available update if rule has been successfully upgraded', async () => { const ruleAssetSavedObjects = getRuleAssetSavedObjects(); await createPrebuiltRuleAssetSavedObjects(es, ruleAssetSavedObjects); - await installPrebuiltRules(supertest); + await installPrebuiltRules(es, supertest); // Clear previous rule assets await deleteAllPrebuiltRuleAssets(es); @@ -138,7 +138,7 @@ export default ({ getService }: FtrProviderContext): void => { ruleAssetSavedObjects[0]['security-rule'].version += 1; await createPrebuiltRuleAssetSavedObjects(es, ruleAssetSavedObjects); // Upgrade all rules - await upgradePrebuiltRules(supertest); + await upgradePrebuiltRules(es, supertest); const { stats } = await getPrebuiltRulesStatus(supertest); expect(stats).toMatchObject({ @@ -152,7 +152,7 @@ export default ({ getService }: FtrProviderContext): void => { it('should not return any updates if none are available', async () => { const ruleAssetSavedObjects = getRuleAssetSavedObjects(); await createPrebuiltRuleAssetSavedObjects(es, ruleAssetSavedObjects); - await installPrebuiltRules(supertest); + await installPrebuiltRules(es, supertest); // Clear previous rule assets await deleteAllPrebuiltRuleAssets(es); @@ -193,7 +193,7 @@ export default ({ getService }: FtrProviderContext): void => { it('should return the number of installed prebuilt rules after installing them', async () => { await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - await installPrebuiltRules(supertest); + await installPrebuiltRules(es, supertest); const { stats } = await getPrebuiltRulesStatus(supertest); expect(stats).toMatchObject({ @@ -206,7 +206,7 @@ export default ({ getService }: FtrProviderContext): void => { it('should notify the user again that a rule is available for install after it is deleted', async () => { await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - await installPrebuiltRules(supertest); + await installPrebuiltRules(es, supertest); await deleteRule(supertest, 'rule-1'); const { stats } = await getPrebuiltRulesStatus(supertest); @@ -220,7 +220,7 @@ export default ({ getService }: FtrProviderContext): void => { it('should return available rule updates when previous historical versions available', async () => { await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - await installPrebuiltRules(supertest); + await installPrebuiltRules(es, supertest); // Add a new version of one of the installed rules await createHistoricalPrebuiltRuleAssetSavedObjects(es, [ @@ -238,7 +238,7 @@ export default ({ getService }: FtrProviderContext): void => { it('should return available rule updates when previous historical versions unavailable', async () => { await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - await installPrebuiltRules(supertest); + await installPrebuiltRules(es, supertest); // Delete the previous versions of rule assets await deleteAllPrebuiltRuleAssets(es); @@ -261,7 +261,7 @@ export default ({ getService }: FtrProviderContext): void => { it('should not return available rule updates after rule has been upgraded', async () => { await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - await installPrebuiltRules(supertest); + await installPrebuiltRules(es, supertest); // Delete the previous versions of rule assets await deleteAllPrebuiltRuleAssets(es); @@ -272,7 +272,7 @@ export default ({ getService }: FtrProviderContext): void => { ]); // Upgrade the rule - await upgradePrebuiltRules(supertest); + await upgradePrebuiltRules(es, supertest); const { stats } = await getPrebuiltRulesStatus(supertest); expect(stats).toMatchObject({ @@ -339,7 +339,7 @@ export default ({ getService }: FtrProviderContext): void => { it('should return the number of installed prebuilt rules after installing them', async () => { await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - await installPrebuiltRulesAndTimelines(supertest); + await installPrebuiltRulesAndTimelines(es, supertest); const body = await getPrebuiltRulesAndTimelinesStatus(supertest); expect(body).toMatchObject({ @@ -352,7 +352,7 @@ export default ({ getService }: FtrProviderContext): void => { it('should notify the user again that a rule is available for install after it is deleted', async () => { await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - await installPrebuiltRulesAndTimelines(supertest); + await installPrebuiltRulesAndTimelines(es, supertest); await deleteRule(supertest, 'rule-1'); const body = await getPrebuiltRulesAndTimelinesStatus(supertest); @@ -367,7 +367,7 @@ export default ({ getService }: FtrProviderContext): void => { it('should return available rule updates', async () => { const ruleAssetSavedObjects = getRuleAssetSavedObjects(); await createPrebuiltRuleAssetSavedObjects(es, ruleAssetSavedObjects); - await installPrebuiltRulesAndTimelines(supertest); + await installPrebuiltRulesAndTimelines(es, supertest); // Clear previous rule assets await deleteAllPrebuiltRuleAssets(es); @@ -387,7 +387,7 @@ export default ({ getService }: FtrProviderContext): void => { it('should not return any updates if none are available', async () => { const ruleAssetSavedObjects = getRuleAssetSavedObjects(); await createPrebuiltRuleAssetSavedObjects(es, ruleAssetSavedObjects); - await installPrebuiltRulesAndTimelines(supertest); + await installPrebuiltRulesAndTimelines(es, supertest); // Clear previous rule assets await deleteAllPrebuiltRuleAssets(es); @@ -428,7 +428,7 @@ export default ({ getService }: FtrProviderContext): void => { it('should return the number of installed prebuilt rules after installing them', async () => { await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - await installPrebuiltRulesAndTimelines(supertest); + await installPrebuiltRulesAndTimelines(es, supertest); const body = await getPrebuiltRulesAndTimelinesStatus(supertest); expect(body).toMatchObject({ @@ -441,7 +441,7 @@ export default ({ getService }: FtrProviderContext): void => { it('should notify the user again that a rule is available for install after it is deleted', async () => { await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - await installPrebuiltRulesAndTimelines(supertest); + await installPrebuiltRulesAndTimelines(es, supertest); await deleteRule(supertest, 'rule-1'); const body = await getPrebuiltRulesAndTimelinesStatus(supertest); @@ -455,7 +455,7 @@ export default ({ getService }: FtrProviderContext): void => { it('should return available rule updates when previous historical versions available', async () => { await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - await installPrebuiltRulesAndTimelines(supertest); + await installPrebuiltRulesAndTimelines(es, supertest); // Add a new version of one of the installed rules await createHistoricalPrebuiltRuleAssetSavedObjects(es, [ @@ -473,7 +473,7 @@ export default ({ getService }: FtrProviderContext): void => { it('should return available rule updates when previous historical versions unavailable', async () => { await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - await installPrebuiltRulesAndTimelines(supertest); + await installPrebuiltRulesAndTimelines(es, supertest); // Delete the previous versions of rule assets await deleteAllPrebuiltRuleAssets(es); diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/prebuilt_rules/get_prebuilt_timelines_status.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/prebuilt_rules/get_prebuilt_timelines_status.ts index 04275afe20dc95..05b34ffa98ed7e 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/prebuilt_rules/get_prebuilt_timelines_status.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/prebuilt_rules/get_prebuilt_timelines_status.ts @@ -35,7 +35,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('should return the number of installed timeline templates after installing them', async () => { - await installPrebuiltRulesAndTimelines(supertest); + await installPrebuiltRulesAndTimelines(es, supertest); const body = await getPrebuiltRulesAndTimelinesStatus(supertest); expect(body).toMatchObject({ diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/prebuilt_rules/install_and_upgrade_prebuilt_rules.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/prebuilt_rules/install_and_upgrade_prebuilt_rules.ts index c36b81f93cf7c3..85af64415c95e2 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/prebuilt_rules/install_and_upgrade_prebuilt_rules.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/prebuilt_rules/install_and_upgrade_prebuilt_rules.ts @@ -6,7 +6,6 @@ */ import expect from 'expect'; -import { DETECTION_ENGINE_RULES_URL_FIND } from '@kbn/security-solution-plugin/common/constants'; import { FtrProviderContext } from '../../common/ftr_provider_context'; import { deleteAllRules, @@ -24,6 +23,7 @@ import { installPrebuiltRulesAndTimelines } from '../../utils/prebuilt_rules/ins import { installPrebuiltRules } from '../../utils/prebuilt_rules/install_prebuilt_rules'; import { getPrebuiltRulesStatus } from '../../utils/prebuilt_rules/get_prebuilt_rules_status'; import { upgradePrebuiltRules } from '../../utils/prebuilt_rules/upgrade_prebuilt_rules'; +import { getInstalledRules } from '../../utils/prebuilt_rules/get_installed_rules'; // eslint-disable-next-line import/no-default-export export default ({ getService }: FtrProviderContext): void => { @@ -50,7 +50,7 @@ export default ({ getService }: FtrProviderContext): void => { describe('using legacy endpoint', () => { it('should install prebuilt rules', async () => { await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - const body = await installPrebuiltRulesAndTimelines(supertest); + const body = await installPrebuiltRulesAndTimelines(es, supertest); expect(body.rules_installed).toBe(RULES_COUNT); expect(body.rules_updated).toBe(0); @@ -58,14 +58,10 @@ export default ({ getService }: FtrProviderContext): void => { it('should install correct prebuilt rule versions', async () => { await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - await installPrebuiltRulesAndTimelines(supertest); + await installPrebuiltRulesAndTimelines(es, supertest); // Get installed rules - const { body: rulesResponse } = await supertest - .get(DETECTION_ENGINE_RULES_URL_FIND) - .set('kbn-xsrf', 'true') - .send() - .expect(200); + const rulesResponse = await getInstalledRules(supertest); // Check that all prebuilt rules were actually installed and their versions match the latest expect(rulesResponse.total).toBe(RULES_COUNT); @@ -82,7 +78,7 @@ export default ({ getService }: FtrProviderContext): void => { it('should install missing prebuilt rules', async () => { // Install all prebuilt detection rules await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - await installPrebuiltRulesAndTimelines(supertest); + await installPrebuiltRulesAndTimelines(es, supertest); // Delete one of the installed rules await deleteRule(supertest, 'rule-1'); @@ -92,7 +88,7 @@ export default ({ getService }: FtrProviderContext): void => { expect(statusResponse.rules_not_installed).toBe(1); // Call the install prebuilt rules again and check that the missing rule was installed - const response = await installPrebuiltRulesAndTimelines(supertest); + const response = await installPrebuiltRulesAndTimelines(es, supertest); expect(response.rules_installed).toBe(1); expect(response.rules_updated).toBe(0); }); @@ -101,7 +97,7 @@ export default ({ getService }: FtrProviderContext): void => { // Install all prebuilt detection rules const ruleAssetSavedObjects = getRuleAssetSavedObjects(); await createPrebuiltRuleAssetSavedObjects(es, ruleAssetSavedObjects); - await installPrebuiltRulesAndTimelines(supertest); + await installPrebuiltRulesAndTimelines(es, supertest); // Clear previous rule assets await deleteAllPrebuiltRuleAssets(es); @@ -114,7 +110,7 @@ export default ({ getService }: FtrProviderContext): void => { expect(statusResponse.rules_not_updated).toBe(1); // Call the install prebuilt rules again and check that the outdated rule was updated - const response = await installPrebuiltRulesAndTimelines(supertest); + const response = await installPrebuiltRulesAndTimelines(es, supertest); expect(response.rules_installed).toBe(0); expect(response.rules_updated).toBe(1); }); @@ -122,7 +118,7 @@ export default ({ getService }: FtrProviderContext): void => { it('should not install prebuilt rules if they are up to date', async () => { // Install all prebuilt detection rules await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - await installPrebuiltRulesAndTimelines(supertest); + await installPrebuiltRulesAndTimelines(es, supertest); // Check that all prebuilt rules were installed const statusResponse = await getPrebuiltRulesAndTimelinesStatus(supertest); @@ -130,7 +126,7 @@ export default ({ getService }: FtrProviderContext): void => { expect(statusResponse.rules_not_updated).toBe(0); // Call the install prebuilt rules again and check that no rules were installed - const response = await installPrebuiltRulesAndTimelines(supertest); + const response = await installPrebuiltRulesAndTimelines(es, supertest); expect(response.rules_installed).toBe(0); expect(response.rules_updated).toBe(0); }); @@ -139,7 +135,7 @@ export default ({ getService }: FtrProviderContext): void => { describe('using current endpoint', () => { it('should install prebuilt rules', async () => { await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - const body = await installPrebuiltRules(supertest); + const body = await installPrebuiltRules(es, supertest); expect(body.summary.succeeded).toBe(RULES_COUNT); expect(body.summary.failed).toBe(0); @@ -148,7 +144,7 @@ export default ({ getService }: FtrProviderContext): void => { it('should install correct prebuilt rule versions', async () => { await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - const body = await installPrebuiltRules(supertest); + const body = await installPrebuiltRules(es, supertest); // Check that all prebuilt rules were actually installed and their versions match the latest expect(body.results.created).toEqual( @@ -164,7 +160,7 @@ export default ({ getService }: FtrProviderContext): void => { it('should install missing prebuilt rules', async () => { // Install all prebuilt detection rules await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - await installPrebuiltRules(supertest); + await installPrebuiltRules(es, supertest); // Delete one of the installed rules await deleteRule(supertest, 'rule-1'); @@ -174,7 +170,7 @@ export default ({ getService }: FtrProviderContext): void => { expect(statusResponse.stats.num_prebuilt_rules_to_install).toBe(1); // Call the install prebuilt rules again and check that the missing rule was installed - const response = await installPrebuiltRules(supertest); + const response = await installPrebuiltRules(es, supertest); expect(response.summary.succeeded).toBe(1); }); @@ -182,7 +178,7 @@ export default ({ getService }: FtrProviderContext): void => { // Install all prebuilt detection rules const ruleAssetSavedObjects = getRuleAssetSavedObjects(); await createPrebuiltRuleAssetSavedObjects(es, ruleAssetSavedObjects); - await installPrebuiltRules(supertest); + await installPrebuiltRules(es, supertest); // Clear previous rule assets await deleteAllPrebuiltRuleAssets(es); @@ -196,7 +192,7 @@ export default ({ getService }: FtrProviderContext): void => { expect(statusResponse.stats.num_prebuilt_rules_to_upgrade).toBe(1); // Call the install prebuilt rules again and check that the outdated rule was updated - const response = await upgradePrebuiltRules(supertest); + const response = await upgradePrebuiltRules(es, supertest); expect(response.summary.succeeded).toBe(1); expect(response.summary.skipped).toBe(0); }); @@ -204,7 +200,7 @@ export default ({ getService }: FtrProviderContext): void => { it('should not install prebuilt rules if they are up to date', async () => { // Install all prebuilt detection rules await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - await installPrebuiltRules(supertest); + await installPrebuiltRules(es, supertest); // Check that all prebuilt rules were installed const statusResponse = await getPrebuiltRulesStatus(supertest); @@ -212,12 +208,12 @@ export default ({ getService }: FtrProviderContext): void => { expect(statusResponse.stats.num_prebuilt_rules_to_upgrade).toBe(0); // Call the install prebuilt rules again and check that no rules were installed - const installResponse = await installPrebuiltRules(supertest); + const installResponse = await installPrebuiltRules(es, supertest); expect(installResponse.summary.succeeded).toBe(0); expect(installResponse.summary.skipped).toBe(0); // Call the upgrade prebuilt rules endpoint and check that no rules were updated - const upgradeResponse = await upgradePrebuiltRules(supertest); + const upgradeResponse = await upgradePrebuiltRules(es, supertest); expect(upgradeResponse.summary.succeeded).toBe(0); expect(upgradeResponse.summary.skipped).toBe(0); }); @@ -237,7 +233,7 @@ export default ({ getService }: FtrProviderContext): void => { describe('using legacy endpoint', () => { it('should install prebuilt rules', async () => { await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - const body = await installPrebuiltRulesAndTimelines(supertest); + const body = await installPrebuiltRulesAndTimelines(es, supertest); expect(body.rules_installed).toBe(RULES_COUNT); expect(body.rules_updated).toBe(0); @@ -245,14 +241,10 @@ export default ({ getService }: FtrProviderContext): void => { it('should install correct prebuilt rule versions', async () => { await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - await installPrebuiltRulesAndTimelines(supertest); + await installPrebuiltRulesAndTimelines(es, supertest); // Get installed rules - const { body: rulesResponse } = await supertest - .get(DETECTION_ENGINE_RULES_URL_FIND) - .set('kbn-xsrf', 'true') - .send() - .expect(200); + const rulesResponse = await getInstalledRules(supertest); // Check that all prebuilt rules were actually installed and their versions match the latest expect(rulesResponse.total).toBe(RULES_COUNT); @@ -267,14 +259,14 @@ export default ({ getService }: FtrProviderContext): void => { it('should not install prebuilt rules if they are up to date', async () => { // Install all prebuilt detection rules await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - await installPrebuiltRulesAndTimelines(supertest); + await installPrebuiltRulesAndTimelines(es, supertest); // Check that all prebuilt rules were installed const statusResponse = await getPrebuiltRulesAndTimelinesStatus(supertest); expect(statusResponse.rules_not_installed).toBe(0); // Call the install prebuilt rules again and check that no rules were installed - const response = await installPrebuiltRulesAndTimelines(supertest); + const response = await installPrebuiltRulesAndTimelines(es, supertest); expect(response.rules_installed).toBe(0); expect(response.rules_updated).toBe(0); }); @@ -282,7 +274,7 @@ export default ({ getService }: FtrProviderContext): void => { it('should install missing prebuilt rules', async () => { // Install all prebuilt detection rules await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - await installPrebuiltRulesAndTimelines(supertest); + await installPrebuiltRulesAndTimelines(es, supertest); // Delete one of the installed rules await deleteRule(supertest, 'rule-1'); @@ -292,7 +284,7 @@ export default ({ getService }: FtrProviderContext): void => { expect(statusResponse.rules_not_installed).toBe(1); // Call the install prebuilt rules endpoint again and check that the missing rule was installed - const response = await installPrebuiltRulesAndTimelines(supertest); + const response = await installPrebuiltRulesAndTimelines(es, supertest); expect(response.rules_installed).toBe(1); expect(response.rules_updated).toBe(0); }); @@ -300,7 +292,7 @@ export default ({ getService }: FtrProviderContext): void => { it('should update outdated prebuilt rules when previous historical versions available', async () => { // Install all prebuilt detection rules await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - await installPrebuiltRulesAndTimelines(supertest); + await installPrebuiltRulesAndTimelines(es, supertest); // Add a new version of one of the installed rules await createHistoricalPrebuiltRuleAssetSavedObjects(es, [ @@ -312,7 +304,7 @@ export default ({ getService }: FtrProviderContext): void => { expect(statusResponse.rules_not_updated).toBe(1); // Call the install prebuilt rules again and check that the outdated rule was updated - const response = await installPrebuiltRulesAndTimelines(supertest); + const response = await installPrebuiltRulesAndTimelines(es, supertest); expect(response.rules_installed).toBe(0); expect(response.rules_updated).toBe(1); @@ -324,7 +316,7 @@ export default ({ getService }: FtrProviderContext): void => { it('should update outdated prebuilt rules when previous historical versions unavailable', async () => { // Install all prebuilt detection rules await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - await installPrebuiltRulesAndTimelines(supertest); + await installPrebuiltRulesAndTimelines(es, supertest); // Clear previous rule assets await deleteAllPrebuiltRuleAssets(es); @@ -340,7 +332,7 @@ export default ({ getService }: FtrProviderContext): void => { expect(statusResponse.rules_not_installed).toBe(0); // Call the install prebuilt rules again and check that the outdated rule was updated - const response = await installPrebuiltRulesAndTimelines(supertest); + const response = await installPrebuiltRulesAndTimelines(es, supertest); expect(response.rules_installed).toBe(0); expect(response.rules_updated).toBe(1); @@ -353,14 +345,14 @@ export default ({ getService }: FtrProviderContext): void => { describe('using current endpoint', () => { it('should install prebuilt rules', async () => { await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - const body = await installPrebuiltRules(supertest); + const body = await installPrebuiltRules(es, supertest); expect(body.summary.succeeded).toBe(RULES_COUNT); }); it('should install correct prebuilt rule versions', async () => { await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - const response = await installPrebuiltRules(supertest); + const response = await installPrebuiltRules(es, supertest); // Check that all prebuilt rules were actually installed and their versions match the latest expect(response.summary.succeeded).toBe(RULES_COUNT); @@ -375,14 +367,14 @@ export default ({ getService }: FtrProviderContext): void => { it('should not install prebuilt rules if they are up to date', async () => { // Install all prebuilt detection rules await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - await installPrebuiltRules(supertest); + await installPrebuiltRules(es, supertest); // Check that all prebuilt rules were installed const statusResponse = await getPrebuiltRulesStatus(supertest); expect(statusResponse.stats.num_prebuilt_rules_to_install).toBe(0); // Call the install prebuilt rules again and check that no rules were installed - const response = await installPrebuiltRules(supertest); + const response = await installPrebuiltRules(es, supertest); expect(response.summary.succeeded).toBe(0); expect(response.summary.total).toBe(0); }); @@ -390,7 +382,7 @@ export default ({ getService }: FtrProviderContext): void => { it('should install missing prebuilt rules', async () => { // Install all prebuilt detection rules await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - await installPrebuiltRules(supertest); + await installPrebuiltRules(es, supertest); // Delete one of the installed rules await deleteRule(supertest, 'rule-1'); @@ -400,7 +392,7 @@ export default ({ getService }: FtrProviderContext): void => { expect(statusResponse.stats.num_prebuilt_rules_to_install).toBe(1); // Call the install prebuilt rules endpoint again and check that the missing rule was installed - const response = await installPrebuiltRules(supertest); + const response = await installPrebuiltRules(es, supertest); expect(response.summary.succeeded).toBe(1); expect(response.summary.total).toBe(1); }); @@ -408,7 +400,7 @@ export default ({ getService }: FtrProviderContext): void => { it('should update outdated prebuilt rules when previous historical versions available', async () => { // Install all prebuilt detection rules await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - await installPrebuiltRules(supertest); + await installPrebuiltRules(es, supertest); // Add a new version of one of the installed rules await createHistoricalPrebuiltRuleAssetSavedObjects(es, [ @@ -420,7 +412,7 @@ export default ({ getService }: FtrProviderContext): void => { expect(statusResponse.stats.num_prebuilt_rules_to_upgrade).toBe(1); // Call the upgrade prebuilt rules endpoint and check that the outdated rule was updated - const response = await upgradePrebuiltRules(supertest); + const response = await upgradePrebuiltRules(es, supertest); expect(response.summary.succeeded).toBe(1); expect(response.summary.total).toBe(1); @@ -432,7 +424,7 @@ export default ({ getService }: FtrProviderContext): void => { it('should update outdated prebuilt rules when previous historical versions unavailable', async () => { // Install all prebuilt detection rules await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - await installPrebuiltRules(supertest); + await installPrebuiltRules(es, supertest); // Clear previous rule assets await deleteAllPrebuiltRuleAssets(es); @@ -448,7 +440,7 @@ export default ({ getService }: FtrProviderContext): void => { expect(statusResponse.stats.num_prebuilt_rules_to_install).toBe(0); // Call the upgrade prebuilt rules endpoint and check that the outdated rule was updated - const response = await upgradePrebuiltRules(supertest); + const response = await upgradePrebuiltRules(es, supertest); expect(response.summary.succeeded).toBe(1); expect(response.summary.total).toBe(1); diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/update_prebuilt_rules_package/update_prebuilt_rules_package.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/update_prebuilt_rules_package/update_prebuilt_rules_package.ts index 0e25999a37e9b2..1d7939e83f9abe 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/update_prebuilt_rules_package/update_prebuilt_rules_package.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/update_prebuilt_rules_package/update_prebuilt_rules_package.ts @@ -13,7 +13,6 @@ import { REPO_ROOT } from '@kbn/repo-info'; import JSON5 from 'json5'; import expect from 'expect'; import { PackageSpecManifest } from '@kbn/fleet-plugin/common'; -import { DETECTION_ENGINE_RULES_URL_FIND } from '@kbn/security-solution-plugin/common/constants'; import { FtrProviderContext } from '../../common/ftr_provider_context'; import { deleteAllPrebuiltRuleAssets, @@ -24,6 +23,8 @@ import { } from '../../utils'; import { reviewPrebuiltRulesToInstall } from '../../utils/prebuilt_rules/review_install_prebuilt_rules'; import { reviewPrebuiltRulesToUpgrade } from '../../utils/prebuilt_rules/review_upgrade_prebuilt_rules'; +import { installPrebuiltRulesPackageByVersion } from '../../utils/prebuilt_rules/install_fleet_package_by_url'; +import { getInstalledRules } from '../../utils/prebuilt_rules/get_installed_rules'; // eslint-disable-next-line import/no-default-export export default ({ getService }: FtrProviderContext): void => { @@ -103,17 +104,14 @@ export default ({ getService }: FtrProviderContext): void => { expect(statusBeforePackageInstallation.stats.num_prebuilt_rules_to_upgrade).toBe(0); expect(statusBeforePackageInstallation.stats.num_prebuilt_rules_total_in_package).toBe(0); - const EPM_URL_FOR_PREVIOUS_VERSION = `/api/fleet/epm/packages/security_detection_engine/${previousVersion}`; - - const installPreviousPackageResponse = await supertest - .post(EPM_URL_FOR_PREVIOUS_VERSION) - .set('kbn-xsrf', 'xxxx') - .type('application/json') - .send({ force: true }) - .expect(200); + const installPreviousPackageResponse = await installPrebuiltRulesPackageByVersion( + es, + supertest, + previousVersion + ); - expect(installPreviousPackageResponse.body._meta.install_source).toBe('registry'); - expect(installPreviousPackageResponse.body.items.length).toBeGreaterThan(0); + expect(installPreviousPackageResponse._meta.install_source).toBe('registry'); + expect(installPreviousPackageResponse.items.length).toBeGreaterThan(0); // Verify that status is updated after the installation of package "N-1" const statusAfterPackageInstallation = await getPrebuiltRulesStatus(supertest); @@ -132,7 +130,8 @@ export default ({ getService }: FtrProviderContext): void => { // Verify that the _perform endpoint returns the same number of installed rules as the status endpoint // and the _review endpoint - const installPrebuiltRulesResponse = await installPrebuiltRules(supertest); + const installPrebuiltRulesResponse = await installPrebuiltRules(es, supertest); + expect(installPrebuiltRulesResponse.summary.succeeded).toBe( statusAfterPackageInstallation.stats.num_prebuilt_rules_to_install ); @@ -141,11 +140,7 @@ export default ({ getService }: FtrProviderContext): void => { ); // Get installed rules - const { body: rulesResponse } = await supertest - .get(`${DETECTION_ENGINE_RULES_URL_FIND}?per_page=10000`) - .set('kbn-xsrf', 'true') - .send() - .expect(200); + const rulesResponse = await getInstalledRules(supertest); // Check that all prebuilt rules were actually installed expect(rulesResponse.total).toBe(installPrebuiltRulesResponse.summary.succeeded); @@ -160,16 +155,13 @@ export default ({ getService }: FtrProviderContext): void => { ); // PART 2: Now install the lastest (current) package, defined in fleet_packages.json - const EPM_URL_FOR_CURRENT_VERSION = `/api/fleet/epm/packages/security_detection_engine/${currentVersion}`; - - const installLatestPackageResponse = await supertest - .post(EPM_URL_FOR_CURRENT_VERSION) - .set('kbn-xsrf', 'xxxx') - .type('application/json') - .send({ force: true }) - .expect(200); - expect(installLatestPackageResponse.body.items.length).toBeGreaterThanOrEqual(0); + const installLatestPackageResponse = await installPrebuiltRulesPackageByVersion( + es, + supertest, + currentVersion + ); + expect(installLatestPackageResponse.items.length).toBeGreaterThanOrEqual(0); // Verify status after intallation of the latest package const statusAfterLatestPackageInstallation = await getPrebuiltRulesStatus(supertest); @@ -196,8 +188,10 @@ export default ({ getService }: FtrProviderContext): void => { // Install available rules and verify that the _perform endpoint returns the same number of // installed rules as the status endpoint and the _review endpoint const installPrebuiltRulesResponseAfterLatestPackageInstallation = await installPrebuiltRules( + es, supertest ); + expect(installPrebuiltRulesResponseAfterLatestPackageInstallation.summary.succeeded).toBe( statusAfterLatestPackageInstallation.stats.num_prebuilt_rules_to_install ); @@ -208,11 +202,7 @@ export default ({ getService }: FtrProviderContext): void => { ); // Get installed rules - const { body: rulesResponseAfterPackageUpdate } = await supertest - .get(`${DETECTION_ENGINE_RULES_URL_FIND}?per_page=10000`) - .set('kbn-xsrf', 'true') - .send() - .expect(200); + const rulesResponseAfterPackageUpdate = await getInstalledRules(supertest); // Check that the expected new prebuilt rules from the latest package were actually installed expect( @@ -239,8 +229,10 @@ export default ({ getService }: FtrProviderContext): void => { // Call the upgrade _perform endpoint and verify that the number of upgraded rules is the same as the one // returned by the _review endpoint and the status endpoint const upgradePrebuiltRulesResponseAfterLatestPackageInstallation = await upgradePrebuiltRules( + es, supertest ); + expect(upgradePrebuiltRulesResponseAfterLatestPackageInstallation.summary.succeeded).toEqual( statusAfterLatestPackageInstallation.stats.num_prebuilt_rules_to_upgrade ); @@ -249,11 +241,8 @@ export default ({ getService }: FtrProviderContext): void => { ); // Get installed rules - const { body: rulesResponseAfterPackageUpdateAndRuleUpgrades } = await supertest - .get(`${DETECTION_ENGINE_RULES_URL_FIND}?per_page=10000`) - .set('kbn-xsrf', 'true') - .send() - .expect(200); + + const rulesResponseAfterPackageUpdateAndRuleUpgrades = await getInstalledRules(supertest); // Check that the expected new prebuilt rules from the latest package were actually installed expect( diff --git a/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/get_installed_rules.ts b/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/get_installed_rules.ts new file mode 100644 index 00000000000000..85eaee80ed3e8f --- /dev/null +++ b/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/get_installed_rules.ts @@ -0,0 +1,30 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +import type SuperTest from 'supertest'; +import { DETECTION_ENGINE_RULES_URL_FIND } from '@kbn/security-solution-plugin/common/constants'; +import { FindRulesResponse } from '@kbn/security-solution-plugin/common/api/detection_engine'; + +/** + * Get all installed security rules (both prebuilt + custom) + * + * @param es Elasticsearch client + * @param supertest SuperTest instance + * @param version Semver version of the `security_detection_engine` package to install + * @returns Fleet install package response + */ + +export const getInstalledRules = async ( + supertest: SuperTest.SuperTest +): Promise => { + const { body: rulesResponse } = await supertest + .get(`${DETECTION_ENGINE_RULES_URL_FIND}?per_page=10000`) + .set('kbn-xsrf', 'true') + .send() + .expect(200); + + return rulesResponse; +}; diff --git a/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/install_fleet_package_by_url.ts b/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/install_fleet_package_by_url.ts new file mode 100644 index 00000000000000..802626881b8e6d --- /dev/null +++ b/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/install_fleet_package_by_url.ts @@ -0,0 +1,50 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +import type { Client } from '@elastic/elasticsearch'; +import type SuperTest from 'supertest'; +import { ALL_SAVED_OBJECT_INDICES } from '@kbn/core-saved-objects-server'; +import { InstallPackageResponse } from '@kbn/fleet-plugin/common/types'; + +/** + * Installs prebuilt rules package `security_detection_engine` by version. + * + * @param es Elasticsearch client + * @param supertest SuperTest instance + * @param version Semver version of the `security_detection_engine` package to install + * @returns Fleet install package response + */ + +export const installPrebuiltRulesPackageByVersion = async ( + es: Client, + supertest: SuperTest.SuperTest, + version: string +): Promise => { + const fleetResponse = await supertest + .post(`/api/fleet/epm/packages/security_detection_engine/${version}`) + .set('kbn-xsrf', 'xxxx') + .type('application/json') + .send({ force: true }) + .expect(200); + + // Before we proceed, we need to refresh saved object indices. + // At the previous step we installed the Fleet package with prebuilt detection rules. + // Prebuilt rules are assets that Fleet indexes as saved objects of a certain type. + // Fleet does this via a savedObjectsClient.import() call with explicit `refresh: false`. + // So, despite of the fact that the endpoint waits until the prebuilt rule assets will be + // successfully indexed, it doesn't wait until they become "visible" for subsequent read + // operations. + // And this is usually what we do next in integration tests: we read these SOs with utility + // function such as getPrebuiltRulesAndTimelinesStatus(). + // Now, the time left until the next refresh can be anything from 0 to the default value, and + // it depends on the time when savedObjectsClient.import() call happens relative to the time of + // the next refresh. Also, probably the refresh time can be delayed when ES is under load? + // Anyway, this can cause race condition between a write and subsequent read operation, and to + // fix it deterministically we have to refresh saved object indices and wait until it's done. + await es.indices.refresh({ index: ALL_SAVED_OBJECT_INDICES }); + + return fleetResponse.body as InstallPackageResponse; +}; diff --git a/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/install_mock_prebuilt_rules.ts b/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/install_mock_prebuilt_rules.ts index 6f9726ae6a194d..0e15f416e12388 100644 --- a/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/install_mock_prebuilt_rules.ts +++ b/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/install_mock_prebuilt_rules.ts @@ -24,5 +24,5 @@ export const installMockPrebuiltRules = async ( ): Promise => { // Ensure there are prebuilt rule saved objects before installing rules await createPrebuiltRuleAssetSavedObjects(es); - return installPrebuiltRulesAndTimelines(supertest); + return installPrebuiltRulesAndTimelines(es, supertest); }; diff --git a/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/install_prebuilt_rules.ts b/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/install_prebuilt_rules.ts index c11ccb7b37abd6..f05ea093cfc5d6 100644 --- a/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/install_prebuilt_rules.ts +++ b/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/install_prebuilt_rules.ts @@ -10,7 +10,9 @@ import { RuleVersionSpecifier, PerformRuleInstallationResponseBody, } from '@kbn/security-solution-plugin/common/api/detection_engine/prebuilt_rules'; +import type { Client } from '@elastic/elasticsearch'; import type SuperTest from 'supertest'; +import { ALL_SAVED_OBJECT_INDICES } from '@kbn/core-saved-objects-server'; /** * Installs available prebuilt rules in Kibana. Rules are @@ -27,6 +29,7 @@ import type SuperTest from 'supertest'; * @returns Install prebuilt rules response */ export const installPrebuiltRules = async ( + es: Client, supertest: SuperTest.SuperTest, rules?: RuleVersionSpecifier[] ): Promise => { @@ -42,5 +45,17 @@ export const installPrebuiltRules = async ( .send(payload) .expect(200); + // Before we proceed, we need to refresh saved object indices. + // At the previous step we installed the prebuilt detection rules SO of type 'security-rule'. + // The savedObjectsClient does this with a call with explicit `refresh: false`. + // So, despite of the fact that the endpoint waits until the prebuilt rule will be + // successfully indexed, it doesn't wait until they become "visible" for subsequent read + // operations. + // And this is usually what we do next in integration tests: we read these SOs with utility + // function such as getPrebuiltRulesAndTimelinesStatus(). + // This can cause race conditions between a write and subsequent read operation, and to + // fix it deterministically we have to refresh saved object indices and wait until it's done. + await es.indices.refresh({ index: ALL_SAVED_OBJECT_INDICES }); + return response.body; }; diff --git a/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/install_prebuilt_rules_and_timelines.ts b/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/install_prebuilt_rules_and_timelines.ts index 7954e2b47bbac4..fdf87a94391c91 100644 --- a/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/install_prebuilt_rules_and_timelines.ts +++ b/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/install_prebuilt_rules_and_timelines.ts @@ -9,7 +9,9 @@ import { InstallPrebuiltRulesAndTimelinesResponse, PREBUILT_RULES_URL, } from '@kbn/security-solution-plugin/common/api/detection_engine/prebuilt_rules'; +import type { Client } from '@elastic/elasticsearch'; import type SuperTest from 'supertest'; +import { ALL_SAVED_OBJECT_INDICES } from '@kbn/core-saved-objects-server'; /** * (LEGACY) @@ -28,6 +30,7 @@ import type SuperTest from 'supertest'; * @returns Install prebuilt rules response */ export const installPrebuiltRulesAndTimelines = async ( + es: Client, supertest: SuperTest.SuperTest ): Promise => { const response = await supertest @@ -36,5 +39,17 @@ export const installPrebuiltRulesAndTimelines = async ( .send() .expect(200); + // Before we proceed, we need to refresh saved object indices. + // At the previous step we installed the prebuilt detection rules SO of type 'security-rule'. + // The savedObjectsClient does this with a call with explicit `refresh: false`. + // So, despite of the fact that the endpoint waits until the prebuilt rule will be + // successfully indexed, it doesn't wait until they become "visible" for subsequent read + // operations. + // And this is usually what we do next in integration tests: we read these SOs with utility + // function such as getPrebuiltRulesAndTimelinesStatus(). + // This can cause race condition between a write and subsequent read operation, and to + // fix it deterministically we have to refresh saved object indices and wait until it's done. + await es.indices.refresh({ index: ALL_SAVED_OBJECT_INDICES }); + return response.body; }; diff --git a/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/install_prebuilt_rules_fleet_package.ts b/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/install_prebuilt_rules_fleet_package.ts index 30435caa5a7c31..cc899ecc1dccc4 100644 --- a/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/install_prebuilt_rules_fleet_package.ts +++ b/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/install_prebuilt_rules_fleet_package.ts @@ -5,7 +5,9 @@ * 2.0. */ +import { ALL_SAVED_OBJECT_INDICES } from '@kbn/core-saved-objects-server'; import { epmRouteService } from '@kbn/fleet-plugin/common'; +import type { Client } from '@elastic/elasticsearch'; import type SuperTest from 'supertest'; /** @@ -17,10 +19,12 @@ import type SuperTest from 'supertest'; * @param overrideExistingPackage Whether or not to force the install */ export const installPrebuiltRulesFleetPackage = async ({ + es, supertest, version, overrideExistingPackage, }: { + es: Client; supertest: SuperTest.SuperTest; version?: string; overrideExistingPackage: boolean; @@ -46,6 +50,22 @@ export const installPrebuiltRulesFleetPackage = async ({ }) .expect(200); } + + // Before we proceed, we need to refresh saved object indices. + // At the previous step we installed the Fleet package with prebuilt detection rules. + // Prebuilt rules are assets that Fleet indexes as saved objects of a certain type. + // Fleet does this via a savedObjectsClient.import() call with explicit `refresh: false`. + // So, despite of the fact that the endpoint waits until the prebuilt rule assets will be + // successfully indexed, it doesn't wait until they become "visible" for subsequent read + // operations. + // And this is usually what we do next in integration tests: we read these SOs with utility + // function such as getPrebuiltRulesAndTimelinesStatus(). + // Now, the time left until the next refresh can be anything from 0 to the default value, and + // it depends on the time when savedObjectsClient.import() call happens relative to the time of + // the next refresh. Also, probably the refresh time can be delayed when ES is under load? + // Anyway, this can cause race condition between a write and subsequent read operation, and to + // fix it deterministically we have to refresh saved object indices and wait until it's done. + await es.indices.refresh({ index: ALL_SAVED_OBJECT_INDICES }); }; /** diff --git a/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/upgrade_prebuilt_rules.ts b/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/upgrade_prebuilt_rules.ts index bb3299cb5dd9ed..d9ea277fb1421e 100644 --- a/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/upgrade_prebuilt_rules.ts +++ b/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/upgrade_prebuilt_rules.ts @@ -10,7 +10,9 @@ import { RuleVersionSpecifier, PerformRuleUpgradeResponseBody, } from '@kbn/security-solution-plugin/common/api/detection_engine/prebuilt_rules'; +import type { Client } from '@elastic/elasticsearch'; import type SuperTest from 'supertest'; +import { ALL_SAVED_OBJECT_INDICES } from '@kbn/core-saved-objects-server'; /** * Upgrades available prebuilt rules in Kibana. @@ -23,6 +25,7 @@ import type SuperTest from 'supertest'; * @returns Upgrade prebuilt rules response */ export const upgradePrebuiltRules = async ( + es: Client, supertest: SuperTest.SuperTest, rules?: RuleVersionSpecifier[] ): Promise => { @@ -38,5 +41,18 @@ export const upgradePrebuiltRules = async ( .send(payload) .expect(200); + // Before we proceed, we need to refresh saved object indices. + // At the previous step we upgraded the prebuilt rules, which, under the hoods, installs new versions + // of the prebuilt detection rules SO of type 'security-rule'. + // The savedObjectsClient does this with a call with explicit `refresh: false`. + // So, despite of the fact that the endpoint waits until the prebuilt rule will be + // successfully indexed, it doesn't wait until they become "visible" for subsequent read + // operations. + // And this is usually what we do next in integration tests: we read these SOs with utility + // function such as getPrebuiltRulesAndTimelinesStatus(). + // This can cause race conditions between a write and subsequent read operation, and to + // fix it deterministically we have to refresh saved object indices and wait until it's done. + await es.indices.refresh({ index: ALL_SAVED_OBJECT_INDICES }); + return response.body; };