[Cloud Security] Set up first api integration tests in serverless (el…

…astic#167169) ## Summary This PR is copying over part of the API integration tests for the `cloud_security_posture` plugin. It's a part of the work on elastic/security-team#7439. Some tests are not yet copied over as they need more research, as they rely on either creating new users in Kibana or on fleet utils. This functionality is not yet available in serverless out of the box. Why copy? From [Kibana Serverless e2e Test Guide](https://docs.google.com/document/d/1tiax7xoDYwFXYZjRTgVKkVMjN-SQzBWk4yn1JY6Z5UY/edit): > Stateful tests should be copied over and modified as required for these features to ensure thorough coverage. which tests are copied and adopted for serverless: `tests/api_integration/apis/cloud_security_posture/status/status_not_deployed_not_installed` `tests/api_integration/apis/cloud_security_posture/status/status_indexed` `tests/api_integration/apis/cloud_security_posture/status/status_indexing` `tests/api_integration/apis/cloud_security_posture/benchmark` `tests/api_integration/apis/cloud_security_posture/get_csp_rule_template` `tests/cloud_security_posture_api/telemetry` which tests are not yet adopted for serverless: `tests/api_integration/apis/cloud_security_posture/status/status_unprivileged` (user/roles model is different in serverless) `tests/api_integration/apis/cloud_security_posture/status/status_waiting_for_results` (fleet test utils are not available) `tests/api_integration/apis/cloud_security_posture/status/status_index_timeout` (fleet test utils are not available) --------- Co-authored-by: kibanamachine <[email protected]>
ashokaditya · Oct 11, 2023 · 31f285a · 31f285a
1 parent 650c156
commit 31f285a
Show file tree

Hide file tree

Showing 13 changed files with 1,307 additions and 126 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -1395,6 +1395,7 @@ x-pack/test/detection_engine_api_integration/security_and_spaces/group10/risk_en
 /x-pack/test/cloud_security_posture_api/ @elastic/kibana-cloud-security-posture
 /x-pack/test_serverless/functional/test_suites/security/ftr/cloud_security_posture/ @elastic/kibana-cloud-security-posture
 /x-pack/test_serverless/functional/test_suites/security/config.cloud_security_posture.ts @elastic/kibana-cloud-security-posture
+/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/ @elastic/kibana-cloud-security-posture
 
 # Security Solution onboarding tour
 /x-pack/plugins/security_solution/public/common/components/guided_onboarding @elastic/security-threat-hunting-explore

diff --git a/x-pack/test/api_integration/apis/cloud_security_posture/benchmark.ts b/x-pack/test/api_integration/apis/cloud_security_posture/benchmark.ts
@@ -6,10 +6,9 @@
  */
 import expect from '@kbn/expect';
 import type { GetBenchmarkResponse } from '@kbn/cloud-security-posture-plugin/common/types';
-import type { SuperTest, Test } from 'supertest';
 import { ELASTIC_HTTP_VERSION_HEADER } from '@kbn/core-http-common';
 import { FtrProviderContext } from '../../ftr_provider_context';
-
+import { createPackagePolicy } from './helper';
 export default function ({ getService }: FtrProviderContext) {
   const supertest = getService('supertest');
   const esArchiver = getService('esArchiver');
@@ -156,64 +155,3 @@ export default function ({ getService }: FtrProviderContext) {
     });
   });
 }
-
-export async function createPackagePolicy(
-  supertest: SuperTest<Test>,
-  agentPolicyId: string,
-  policyTemplate: string,
-  input: string,
-  deployment: string,
-  posture: string,
-  packageName: string
-) {
-  const version = posture === 'kspm' || posture === 'cspm' ? '1.2.8' : '1.3.0-preview2';
-  const title = 'Security Posture Management';
-  const streams = [
-    {
-      enabled: false,
-      data_stream: {
-        type: 'logs',
-        dataset: 'cloud_security_posture.vulnerabilities',
-      },
-    },
-  ];
-
-  const inputTemplate = {
-    enabled: true,
-    type: input,
-    policy_template: policyTemplate,
-  };
-
-  const inputs = posture === 'vuln_mgmt' ? { ...inputTemplate, streams } : { ...inputTemplate };
-
-  const { body: postPackageResponse } = await supertest
-    .post(`/api/fleet/package_policies`)
-    .set('kbn-xsrf', 'xxxx')
-    .send({
-      force: true,
-      name: packageName,
-      description: '',
-      namespace: 'default',
-      policy_id: agentPolicyId,
-      enabled: true,
-      inputs: [inputs],
-      package: {
-        name: 'cloud_security_posture',
-        title,
-        version,
-      },
-      vars: {
-        deployment: {
-          value: deployment,
-          type: 'text',
-        },
-        posture: {
-          value: posture,
-          type: 'text',
-        },
-      },
-    })
-    .expect(200);
-
-  return postPackageResponse.item;
-}
diff --git a/x-pack/test/api_integration/apis/cloud_security_posture/get_csp_rule_template.ts b/x-pack/test/api_integration/apis/cloud_security_posture/get_csp_rule_template.ts
@@ -7,9 +7,9 @@
 import expect from '@kbn/expect';
 import { ELASTIC_HTTP_VERSION_HEADER } from '@kbn/core-http-common';
 import type { GetCspRuleTemplateResponse } from '@kbn/cloud-security-posture-plugin/common/types';
-import type { SuperTest, Test } from 'supertest';
 import { CspRuleTemplate } from '@kbn/cloud-security-posture-plugin/common/schemas';
 import { FtrProviderContext } from '../../ftr_provider_context';
+import { createPackagePolicy } from './helper';
 
 export default function ({ getService }: FtrProviderContext) {
   const supertest = getService('supertest');
@@ -232,63 +232,3 @@ export default function ({ getService }: FtrProviderContext) {
     });
   });
 }
-
-export async function createPackagePolicy(
-  supertest: SuperTest<Test>,
-  agentPolicyId: string,
-  policyTemplate: string,
-  input: string,
-  deployment: string,
-  posture: string
-) {
-  const version = posture === 'kspm' || posture === 'cspm' ? '1.2.8' : '1.3.0-preview2';
-  const title = 'Security Posture Management';
-  const streams = [
-    {
-      enabled: false,
-      data_stream: {
-        type: 'logs',
-        dataset: 'cloud_security_posture.vulnerabilities',
-      },
-    },
-  ];
-
-  const inputTemplate = {
-    enabled: true,
-    type: input,
-    policy_template: policyTemplate,
-  };
-
-  const inputs = posture === 'vuln_mgmt' ? { ...inputTemplate, streams } : { ...inputTemplate };
-
-  const { body: postPackageResponse } = await supertest
-    .post(`/api/fleet/package_policies`)
-    .set('kbn-xsrf', 'xxxx')
-    .send({
-      force: true,
-      name: 'cloud_security_posture-1',
-      description: '',
-      namespace: 'default',
-      policy_id: agentPolicyId,
-      enabled: true,
-      inputs: [inputs],
-      package: {
-        name: 'cloud_security_posture',
-        title,
-        version,
-      },
-      vars: {
-        deployment: {
-          value: deployment,
-          type: 'text',
-        },
-        posture: {
-          value: posture,
-          type: 'text',
-        },
-      },
-    })
-    .expect(200);
-
-  return postPackageResponse.item;
-}
diff --git a/x-pack/test/api_integration/apis/cloud_security_posture/helper.ts b/x-pack/test/api_integration/apis/cloud_security_posture/helper.ts
@@ -47,7 +47,8 @@ export async function createPackagePolicy(
   policyTemplate: string,
   input: string,
   deployment: string,
-  posture: string
+  posture: string,
+  packageName: string = 'cloud_security_posture-1'
 ) {
   const version = '1.3.0';
   const title = 'Security Posture Management';
@@ -74,7 +75,7 @@ export async function createPackagePolicy(
     .set('kbn-xsrf', 'xxxx')
     .send({
       force: true,
-      name: 'cloud_security_posture-1',
+      name: packageName,
       description: '',
       namespace: 'default',
       policy_id: agentPolicyId,

diff --git a/.../test_serverless/api_integration/test_suites/security/cloud_security_posture/benchmark.ts b/.../test_serverless/api_integration/test_suites/security/cloud_security_posture/benchmark.ts
@@ -0,0 +1,165 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import expect from '@kbn/expect';
+import type { GetBenchmarkResponse } from '@kbn/cloud-security-posture-plugin/common/types';
+import {
+  ELASTIC_HTTP_VERSION_HEADER,
+  X_ELASTIC_INTERNAL_ORIGIN_REQUEST,
+} from '@kbn/core-http-common';
+import { FtrProviderContext } from '../../../ftr_provider_context';
+import { createPackagePolicy } from '../../../../../test/api_integration/apis/cloud_security_posture/helper'; // eslint-disable-line @kbn/imports/no_boundary_crossing
+
+export default function ({ getService }: FtrProviderContext) {
+  const supertest = getService('supertest');
+  const esArchiver = getService('esArchiver');
+  const kibanaServer = getService('kibanaServer');
+
+  describe('GET /internal/cloud_security_posture/benchmark', () => {
+    let agentPolicyId: string;
+    let agentPolicyId2: string;
+    let agentPolicyId3: string;
+    let agentPolicyId4: string;
+
+    beforeEach(async () => {
+      await kibanaServer.savedObjects.cleanStandardList();
+      await esArchiver.load('x-pack/test/functional/es_archives/fleet/empty_fleet_server');
+
+      const { body: agentPolicyResponse } = await supertest
+        .post(`/api/fleet/agent_policies`)
+        .set('kbn-xsrf', 'xxxx')
+        .send({
+          name: 'Test policy',
+          namespace: 'default',
+        });
+
+      agentPolicyId = agentPolicyResponse.item.id;
+
+      const { body: agentPolicyResponse2 } = await supertest
+        .post(`/api/fleet/agent_policies`)
+        .set('kbn-xsrf', 'xxxx')
+        .send({
+          name: 'Test policy 2',
+          namespace: 'default',
+        });
+
+      agentPolicyId2 = agentPolicyResponse2.item.id;
+
+      const { body: agentPolicyResponse3 } = await supertest
+        .post(`/api/fleet/agent_policies`)
+        .set('kbn-xsrf', 'xxxx')
+        .send({
+          name: 'Test policy 3',
+          namespace: 'default',
+        });
+
+      agentPolicyId3 = agentPolicyResponse3.item.id;
+
+      const { body: agentPolicyResponse4 } = await supertest
+        .post(`/api/fleet/agent_policies`)
+        .set('kbn-xsrf', 'xxxx')
+        .send({
+          name: 'Test policy 4',
+          namespace: 'default',
+        });
+
+      agentPolicyId4 = agentPolicyResponse4.item.id;
+
+      await createPackagePolicy(
+        supertest,
+        agentPolicyId,
+        'cspm',
+        'cloudbeat/cis_aws',
+        'aws',
+        'cspm',
+        'CSPM-1'
+      );
+
+      await createPackagePolicy(
+        supertest,
+        agentPolicyId2,
+        'kspm',
+        'cloudbeat/cis_k8s',
+        'vanilla',
+        'kspm',
+        'KSPM-1'
+      );
+
+      await createPackagePolicy(
+        supertest,
+        agentPolicyId3,
+        'vuln_mgmt',
+        'cloudbeat/vuln_mgmt_aws',
+        'aws',
+        'vuln_mgmt',
+        'CNVM-1'
+      );
+
+      await createPackagePolicy(
+        supertest,
+        agentPolicyId4,
+        'kspm',
+        'cloudbeat/cis_k8s',
+        'vanilla',
+        'kspm',
+        'KSPM-2'
+      );
+    });
+
+    afterEach(async () => {
+      await kibanaServer.savedObjects.cleanStandardList();
+      await esArchiver.unload('x-pack/test/functional/es_archives/fleet/empty_fleet_server');
+    });
+
+    it(`Should return non-empty array filled with Rules if user has CSP integrations`, async () => {
+      const { body: res }: { body: GetBenchmarkResponse } = await supertest
+        .get(`/internal/cloud_security_posture/benchmarks`)
+        .set(ELASTIC_HTTP_VERSION_HEADER, '1')
+        .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'xxx')
+        .set('kbn-xsrf', 'xxxx')
+        .expect(200);
+
+      expect(res.items.length).equal(3);
+      expect(res.total).equal(3);
+    });
+
+    it(`Should return array size 2 when we set per page to be only 2 (total element is still 3)`, async () => {
+      const { body: res }: { body: GetBenchmarkResponse } = await supertest
+        .get(`/internal/cloud_security_posture/benchmarks?per_page=2`)
+        .set(ELASTIC_HTTP_VERSION_HEADER, '1')
+        .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'xxx')
+        .set('kbn-xsrf', 'xxxx')
+        .expect(200);
+
+      expect(res.items.length).equal(2);
+      expect(res.total).equal(3);
+    });
+
+    it(`Should return array size 2 when we set per page to be only 2 (total element is still 3)`, async () => {
+      const { body: res }: { body: GetBenchmarkResponse } = await supertest
+        .get(`/internal/cloud_security_posture/benchmarks?per_page=2&page=2`)
+        .set(ELASTIC_HTTP_VERSION_HEADER, '1')
+        .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'xxx')
+        .set('kbn-xsrf', 'xxxx')
+        .expect(200);
+
+      expect(res.items.length).equal(1);
+      expect(res.total).equal(3);
+    });
+
+    it(`Should return empty array when we set page to be above the last page number`, async () => {
+      const { body: res }: { body: GetBenchmarkResponse } = await supertest
+        .get(`/internal/cloud_security_posture/benchmarks?per_page=2&page=3`)
+        .set(ELASTIC_HTTP_VERSION_HEADER, '1')
+        .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'xxx')
+        .set('kbn-xsrf', 'xxxx')
+        .expect(200);
+
+      expect(res.items.length).equal(0);
+      expect(res.total).equal(3);
+    });
+  });
+}