Skip to content

Commit

Permalink
[EDR Workflows] Bring back artifacts, fix tests (elastic#166341)
Browse files Browse the repository at this point in the history
  • Loading branch information
@tomsonpl
tomsonpl authored Sep 13, 2023
1 parent c0417f4 commit c7e360b
Show file tree
Hide file tree
Showing 3 changed files with 157 additions and 157 deletions.
6 changes: 6 additions & 0 deletions .buildkite/pipelines/pull_request/osquery_cypress.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,8 @@ steps:
automatic:
- exit_status: '*'
limit: 1
artifact_paths:
- "target/kibana-osquery/**/*"

- command: .buildkite/scripts/steps/functional/osquery_cypress_burn.sh
label: 'Osquery Cypress Tests, burning changed specs'
Expand All @@ -20,6 +22,8 @@ steps:
soft_fail: true
retry:
automatic: false
artifact_paths:
- "target/kibana-osquery/**/*"

# Error: self-signed certificate in certificate chain
# - command: .buildkite/scripts/steps/functional/security_serverless_osquery.sh
Expand All @@ -33,3 +37,5 @@ steps:
# automatic:
# - exit_status: '*'
# limit: 1
# artifact_paths:
# - "target/kibana-osquery/**/*"
5 changes: 2 additions & 3 deletions x-pack/plugins/osquery/cypress/e2e/all/alerts_liked_apps.cy.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,11 +16,10 @@ import {
} from '../../tasks/live_query';
import { closeModalIfVisible, closeToastIfVisible } from '../../tasks/integrations';
import { RESULTS_TABLE, RESULTS_TABLE_BUTTON } from '../../screens/live_query';
import { ServerlessRoleName } from '../../support/roles';

const UUID_REGEX = '[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}';

describe('Alert Event Details', { browser: 'electron', tags: ['@ess', '@serverless'] }, () => {
describe('Alert Event Details', { tags: ['@ess', '@serverless'] }, () => {
let ruleId: string;
let ruleName: string;

Expand All @@ -37,7 +36,7 @@ describe('Alert Event Details', { browser: 'electron', tags: ['@ess', '@serverle
});

beforeEach(() => {
cy.login(ServerlessRoleName.SOC_MANAGER);
cy.login('elastic');
cy.visit('/app/security/rules');
clickRuleName(ruleName);
});
Expand Down
303 changes: 149 additions & 154 deletions x-pack/plugins/osquery/cypress/e2e/all/alerts_response_actions_form.cy.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,172 +26,167 @@ import {
typeInECSFieldInput,
} from '../../tasks/live_query';
import { closeDateTabIfVisible, closeToastIfVisible } from '../../tasks/integrations';
import { ServerlessRoleName } from '../../support/roles';

describe(
'Alert Event Details - Response Actions Form',
{ browser: 'electron', tags: ['@ess', '@serverless'] },
() => {
let multiQueryPackId: string;
let multiQueryPackName: string;
let ruleId: string;
let ruleName: string;
let packId: string;
let packName: string;
const packData = packFixture();
const multiQueryPackData = multiQueryPackFixture();
describe('Alert Event Details - Response Actions Form', { tags: ['@ess', '@serverless'] }, () => {
let multiQueryPackId: string;
let multiQueryPackName: string;
let ruleId: string;
let ruleName: string;
let packId: string;
let packName: string;
const packData = packFixture();
const multiQueryPackData = multiQueryPackFixture();

beforeEach(() => {
loadPack(packData).then((data) => {
packId = data.saved_object_id;
packName = data.name;
});
loadPack(multiQueryPackData).then((data) => {
multiQueryPackId = data.saved_object_id;
multiQueryPackName = data.name;
});
loadRule().then((data) => {
ruleId = data.id;
ruleName = data.name;
});
cy.login(ServerlessRoleName.SOC_MANAGER);
beforeEach(() => {
loadPack(packData).then((data) => {
packId = data.saved_object_id;
packName = data.name;
});
loadPack(multiQueryPackData).then((data) => {
multiQueryPackId = data.saved_object_id;
multiQueryPackName = data.name;
});
afterEach(() => {
cleanupPack(packId);
cleanupPack(multiQueryPackId);
cleanupRule(ruleId);
loadRule().then((data) => {
ruleId = data.id;
ruleName = data.name;
});
cy.login('elastic');
});
afterEach(() => {
cleanupPack(packId);
cleanupPack(multiQueryPackId);
cleanupRule(ruleId);
});

it('adds response actions with osquery with proper validation and form values', () => {
cy.visit('/app/security/rules');
clickRuleName(ruleName);
cy.getBySel('editRuleSettingsLink').click();
cy.getBySel('globalLoadingIndicator').should('not.exist');
closeDateTabIfVisible();
cy.getBySel('edit-rule-actions-tab').click();
cy.contains('Response actions are run on each rule execution.');
cy.getBySel(OSQUERY_RESPONSE_ACTION_ADD_BUTTON).click();
cy.getBySel(RESPONSE_ACTIONS_ITEM_0).within(() => {
cy.contains('Query is a required field');
inputQuery('select * from uptime1');
});
cy.getBySel(OSQUERY_RESPONSE_ACTION_ADD_BUTTON).click();
cy.getBySel(RESPONSE_ACTIONS_ITEM_1).within(() => {
cy.contains('Run a set of queries in a pack').click();
});
cy.contains('Save changes').click();
cy.getBySel('response-actions-error')
.within(() => {
cy.contains('Pack is a required field');
})
.should('exist');
cy.getBySel(RESPONSE_ACTIONS_ITEM_1).within(() => {
it('adds response actions with osquery with proper validation and form values', () => {
cy.visit('/app/security/rules');
clickRuleName(ruleName);
cy.getBySel('editRuleSettingsLink').click();
cy.getBySel('globalLoadingIndicator').should('not.exist');
closeDateTabIfVisible();
cy.getBySel('edit-rule-actions-tab').click();
cy.contains('Response actions are run on each rule execution.');
cy.getBySel(OSQUERY_RESPONSE_ACTION_ADD_BUTTON).click();
cy.getBySel(RESPONSE_ACTIONS_ITEM_0).within(() => {
cy.contains('Query is a required field');
inputQuery('select * from uptime1');
});
cy.getBySel(OSQUERY_RESPONSE_ACTION_ADD_BUTTON).click();
cy.getBySel(RESPONSE_ACTIONS_ITEM_1).within(() => {
cy.contains('Run a set of queries in a pack').click();
});
cy.contains('Save changes').click();
cy.getBySel('response-actions-error')
.within(() => {
cy.contains('Pack is a required field');
cy.getBySel('comboBoxInput').type(`${packName}{downArrow}{enter}`);
});
})
.should('exist');
cy.getBySel(RESPONSE_ACTIONS_ITEM_1).within(() => {
cy.contains('Pack is a required field');
cy.getBySel('comboBoxInput').type(`${packName}{downArrow}{enter}`);
});

cy.getBySel(OSQUERY_RESPONSE_ACTION_ADD_BUTTON).click();
cy.getBySel(OSQUERY_RESPONSE_ACTION_ADD_BUTTON).click();

cy.getBySel(RESPONSE_ACTIONS_ITEM_2).within(() => {
cy.contains('Query is a required field');
inputQuery('select * from uptime');
cy.contains('Advanced').click();
typeInECSFieldInput('message{downArrow}{enter}');
cy.getBySel('osqueryColumnValueSelect').type('days{downArrow}{enter}');
cy.wait(1000); // wait for the validation to trigger - cypress is way faster than users ;)
});
cy.getBySel(RESPONSE_ACTIONS_ITEM_2).within(() => {
cy.contains('Query is a required field');
inputQuery('select * from uptime');
cy.contains('Advanced').click();
typeInECSFieldInput('message{downArrow}{enter}');
cy.getBySel('osqueryColumnValueSelect').type('days{downArrow}{enter}');
cy.wait(1000); // wait for the validation to trigger - cypress is way faster than users ;)
});

cy.getBySel('ruleEditSubmitButton').click();
cy.contains(`${ruleName} was saved`).should('exist');
closeToastIfVisible();
cy.getBySel('ruleEditSubmitButton').click();
cy.contains(`${ruleName} was saved`).should('exist');
closeToastIfVisible();

cy.getBySel('editRuleSettingsLink').click();
cy.getBySel('globalLoadingIndicator').should('not.exist');
cy.getBySel('edit-rule-actions-tab').click();
cy.getBySel(RESPONSE_ACTIONS_ITEM_0).within(() => {
cy.contains('select * from uptime1');
});
cy.getBySel(RESPONSE_ACTIONS_ITEM_2).within(() => {
cy.contains('select * from uptime');
cy.contains('Log message optimized for viewing in a log viewer');
cy.contains('Days of uptime');
});
cy.getBySel(RESPONSE_ACTIONS_ITEM_1).within(() => {
cy.contains(packName);
cy.getBySel('comboBoxInput').type('{backspace}{enter}');
});
cy.getBySel(RESPONSE_ACTIONS_ITEM_0).within(() => {
cy.contains('select * from uptime1');
cy.getBySel('remove-response-action').click();
});
cy.getBySel(RESPONSE_ACTIONS_ITEM_0).within(() => {
cy.contains('Search for a pack to run');
cy.contains('Pack is a required field');
cy.getBySel('comboBoxInput').type(`${packName}{downArrow}{enter}`);
});
cy.getBySel(RESPONSE_ACTIONS_ITEM_1).within(() => {
cy.contains('select * from uptime');
cy.contains('Log message optimized for viewing in a log viewer');
cy.contains('Days of uptime');
});
cy.intercept('PUT', '/api/detection_engine/rules').as('saveRuleSingleQuery');
cy.getBySel('ruleEditSubmitButton').click();
cy.wait('@saveRuleSingleQuery').should(({ request }) => {
const oneQuery = [
{
interval: 3600,
query: 'select * from uptime;',
id: Object.keys(packData.queries)[0],
},
];
expect(request.body.response_actions[0].params.queries).to.deep.equal(oneQuery);
});
cy.getBySel('editRuleSettingsLink').click();
cy.getBySel('globalLoadingIndicator').should('not.exist');
cy.getBySel('edit-rule-actions-tab').click();
cy.getBySel(RESPONSE_ACTIONS_ITEM_0).within(() => {
cy.contains('select * from uptime1');
});
cy.getBySel(RESPONSE_ACTIONS_ITEM_2).within(() => {
cy.contains('select * from uptime');
cy.contains('Log message optimized for viewing in a log viewer');
cy.contains('Days of uptime');
});
cy.getBySel(RESPONSE_ACTIONS_ITEM_1).within(() => {
cy.contains(packName);
cy.getBySel('comboBoxInput').type('{backspace}{enter}');
});
cy.getBySel(RESPONSE_ACTIONS_ITEM_0).within(() => {
cy.contains('select * from uptime1');
cy.getBySel('remove-response-action').click();
});
cy.getBySel(RESPONSE_ACTIONS_ITEM_0).within(() => {
cy.contains('Search for a pack to run');
cy.contains('Pack is a required field');
cy.getBySel('comboBoxInput').type(`${packName}{downArrow}{enter}`);
});
cy.getBySel(RESPONSE_ACTIONS_ITEM_1).within(() => {
cy.contains('select * from uptime');
cy.contains('Log message optimized for viewing in a log viewer');
cy.contains('Days of uptime');
});
cy.intercept('PUT', '/api/detection_engine/rules').as('saveRuleSingleQuery');
cy.getBySel('ruleEditSubmitButton').click();
cy.wait('@saveRuleSingleQuery').should(({ request }) => {
const oneQuery = [
{
interval: 3600,
query: 'select * from uptime;',
id: Object.keys(packData.queries)[0],
},
];
expect(request.body.response_actions[0].params.queries).to.deep.equal(oneQuery);
});

cy.contains(`${ruleName} was saved`).should('exist');
closeToastIfVisible();
cy.contains(`${ruleName} was saved`).should('exist');
closeToastIfVisible();

cy.getBySel('editRuleSettingsLink').click();
cy.getBySel('globalLoadingIndicator').should('not.exist');
cy.getBySel('edit-rule-actions-tab').click();
cy.getBySel(RESPONSE_ACTIONS_ITEM_0).within(() => {
cy.contains(packName);
cy.getBySel('comboBoxInput').type(`${multiQueryPackName}{downArrow}{enter}`);
checkActionItemsInResults({
cases: false,
lens: false,
discover: false,
timeline: false,
});
});
cy.getBySel(RESPONSE_ACTIONS_ITEM_1).within(() => {
cy.contains('select * from uptime');
cy.contains('Log message optimized for viewing in a log viewer');
cy.contains('Days of uptime');
cy.getBySel('editRuleSettingsLink').click();
cy.getBySel('globalLoadingIndicator').should('not.exist');
cy.getBySel('edit-rule-actions-tab').click();
cy.getBySel(RESPONSE_ACTIONS_ITEM_0).within(() => {
cy.contains(packName);
cy.getBySel('comboBoxInput').type(`${multiQueryPackName}{downArrow}{enter}`);
checkActionItemsInResults({
cases: false,
lens: false,
discover: false,
timeline: false,
});
cy.intercept('PUT', '/api/detection_engine/rules').as('saveRuleMultiQuery');
});
cy.getBySel(RESPONSE_ACTIONS_ITEM_1).within(() => {
cy.contains('select * from uptime');
cy.contains('Log message optimized for viewing in a log viewer');
cy.contains('Days of uptime');
});
cy.intercept('PUT', '/api/detection_engine/rules').as('saveRuleMultiQuery');

cy.contains('Save changes').click();
cy.wait('@saveRuleMultiQuery').should(({ request }) => {
const threeQueries = [
{
interval: 3600,
query: 'SELECT * FROM memory_info;',
platform: 'linux',
id: Object.keys(multiQueryPackData.queries)[0],
},
{
interval: 3600,
query: 'SELECT * FROM system_info;',
id: Object.keys(multiQueryPackData.queries)[1],
},
{
interval: 10,
query: 'select opera_extensions.* from users join opera_extensions using (uid);',
id: Object.keys(multiQueryPackData.queries)[2],
},
];
expect(request.body.response_actions[0].params.queries).to.deep.equal(threeQueries);
});
cy.contains('Save changes').click();
cy.wait('@saveRuleMultiQuery').should(({ request }) => {
const threeQueries = [
{
interval: 3600,
query: 'SELECT * FROM memory_info;',
platform: 'linux',
id: Object.keys(multiQueryPackData.queries)[0],
},
{
interval: 3600,
query: 'SELECT * FROM system_info;',
id: Object.keys(multiQueryPackData.queries)[1],
},
{
interval: 10,
query: 'select opera_extensions.* from users join opera_extensions using (uid);',
id: Object.keys(multiQueryPackData.queries)[2],
},
];
expect(request.body.response_actions[0].params.queries).to.deep.equal(threeQueries);
});
}
);
});
});

0 comments on commit c7e360b

Please sign in to comment.