From 397061aebcca23b22d052cf240e566ca25dcc34d Mon Sep 17 00:00:00 2001 From: dkirchan <55240027+dkirchan@users.noreply.github.com> Date: Thu, 9 Nov 2023 17:27:02 +0200 Subject: [PATCH] FTR Api Integration with the Second Security Quality Gate (#169422) ## Summary FTR Api Integration tests for Security Solution are now integrated with the Second Security Quality Gate. The tests are running in 5 scripts in `x-pack/test/security_solution_api_integration/package.json`. Each different script is creating its own task in buildkite so 5 scripts could be running in parallel, depending on the agents availability, however they all target the same environment for this first integration. Future needs: - The FTR runner serverless is needed to be introduced. ### Checklist Delete any items that are not applicable to this PR. - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/)) - [ ] Any UI touched in this PR does not create any new axe failures (run axe in browser: [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/), [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US)) - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [ ] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server)) - [ ] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers) ### Risk Matrix Delete this section if it is not applicable to this PR. Before closing this PR, invite QA, stakeholders, and other developers to identify risks that should be tested prior to the change/feature release. When forming the risk matrix, consider some of the following examples and how they may potentially impact the change: | Risk | Probability | Severity | Mitigation/Notes | |---------------------------|-------------|----------|-------------------------| | Multiple Spaces—unexpected behavior in non-default Kibana Space. | Low | High | Integration tests will verify that all features are still supported in non-default Kibana Space and when user switches between spaces. | | Multiple nodes—Elasticsearch polling might have race conditions when multiple Kibana nodes are polling for the same tasks. | High | Low | Tasks are idempotent, so executing them multiple times will not result in logical error, but will degrade performance. To test for this case we add plenty of unit tests around this logic and document manual testing procedure. | | Code should gracefully handle cases when feature X or plugin Y are disabled. | Medium | High | Unit tests will verify that any feature flag or plugin combination still results in our service operational. | | [See more potential risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) | ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) --------- Co-authored-by: Jon --- .../security_solution/api_integration.yml | 67 +++++++++++++++ .../api-integration-tests.sh | 82 +++++++++++++++++++ 2 files changed, 149 insertions(+) create mode 100644 .buildkite/pipelines/security_solution/api_integration.yml create mode 100755 .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh diff --git a/.buildkite/pipelines/security_solution/api_integration.yml b/.buildkite/pipelines/security_solution/api_integration.yml new file mode 100644 index 0000000000000..b4c6cece31c4b --- /dev/null +++ b/.buildkite/pipelines/security_solution/api_integration.yml @@ -0,0 +1,67 @@ +steps: + - label: Running exception_workflows:runner:serverless + command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh exception_workflows:qa:serverless + key: exception_workflows:runner:serverless + agents: + queue: n2-4-spot + timeout_in_minutes: 120 + retry: + automatic: + - exit_status: '*' + limit: 2 + + - label: Running exception_operators_date_numeric_types:runner:serverless + command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh exception_operators_date_numeric_types:qa:serverless + key: exception_operators_date_numeric_types:runner:serverless + agents: + queue: n2-4-spot + timeout_in_minutes: 120 + retry: + automatic: + - exit_status: '*' + limit: 2 + + - label: Running exception_operators_keyword_text_long:runner:serverless + command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh exception_operators_keyword_text_long:qa:serverless + key: exception_operators_keyword_text_long:runner:serverless + agents: + queue: n2-4-spot + timeout_in_minutes: 120 + retry: + automatic: + - exit_status: '*' + limit: 2 + + - label: Running exception_operators_ips_text_array:runner:serverless + command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh exception_operators_ips_text_array:qa:serverless + key: exception_operators_ips_text_array:runner:serverless + agents: + queue: n2-4-spot + timeout_in_minutes: 120 + retry: + automatic: + - exit_status: '1' + limit: 2 + + - label: Running rule_creation:runner:serverless + command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh rule_creation:qa:serverless + key: rule_creation:runner:serverless + agents: + queue: n2-4-spot + timeout_in_minutes: 120 + retry: + automatic: + - exit_status: '1' + limit: 2 + + - label: Running actions:qa:serverless + command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh actions:qa:serverless + key: actions:qa:serverless + agents: + queue: n2-4-spot + timeout_in_minutes: 120 + retry: + automatic: + - exit_status: '1' + limit: 2 + diff --git a/.buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh b/.buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh new file mode 100755 index 0000000000000..ad7e488dfaea3 --- /dev/null +++ b/.buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh @@ -0,0 +1,82 @@ +#!/bin/bash +if [ -z "$1" ] + then + echo "No target script from the package.json file, is supplied" + exit 1 +fi + +source .buildkite/scripts/common/util.sh +.buildkite/scripts/bootstrap.sh + +buildkite-agent meta-data set "${BUILDKITE_JOB_ID}_is_test_execution_step" "true" + +echo "--- Serverless Security Second Quality Gate" +cd x-pack/test/security_solution_api_integration +set +e + +QA_API_KEY=$(retry 5 5 vault read -field=qa_api_key secret/kibana-issues/dev/security-solution-qg-enc-key) + +# Generate a random 5-digit number +random_number=$((10000 + $RANDOM % 90000)) +ENVIRONMENT_DETAILS=$(curl --location 'https://global.qa.cld.elstc.co/api/v1/serverless/projects/security' \ + --header "Authorization: ApiKey $QA_API_KEY" \ + --header 'Content-Type: application/json' \ + --data '{ + "name": "ftr-integration-tests-'$random_number'", + "region_id": "aws-eu-west-1"}' | jq '.') +NAME=$(echo $ENVIRONMENT_DETAILS | jq -r '.name') +ID=$(echo $ENVIRONMENT_DETAILS | jq -r '.id') +ES_URL=$(echo $ENVIRONMENT_DETAILS | jq -r '.endpoints.elasticsearch') +KB_URL=$(echo $ENVIRONMENT_DETAILS | jq -r '.endpoints.kibana') + +# Wait five seconds for the project to appear +sleep 5 + +# Resetting the credentials of the elastic user in the project +CREDS_BODY=$(curl -s --location --request POST "https://global.qa.cld.elstc.co/api/v1/serverless/projects/security/$ID/_reset-credentials" \ + --header "Authorization: ApiKey $QA_API_KEY" \ + --header 'Content-Type: application/json' | jq '.') +USERNAME=$(echo $CREDS_BODY | jq -r '.username') +PASSWORD=$(echo $CREDS_BODY | jq -r '.password') +AUTH=$(echo "$USERNAME:$PASSWORD") + +# Checking if Elasticsearch has status green +while : ; do + STATUS=$(curl -u $AUTH --location "$ES_URL:443/_cluster/health?wait_for_status=green&timeout=50s" | jq -r '.status') + if [ "$STATUS" != "green" ]; then + echo "Sleeping for 40s to wait for ES status to be green..." + sleep 40 + else + echo "Elasticsearch has status green." + break + fi +done + +# Checking if Kibana is available +while : ; do + STATUS=$(curl -u $AUTH --location "$KB_URL:443/api/status" | jq -r '.status.overall.level') + if [ "$STATUS" != "available" ]; then + echo "Sleeping for 15s to wait for Kibana to be available..." + sleep 15 + else + echo "Kibana is available." + break + fi +done + +# Removing the https:// part of the url provided in order to use it in the command below. +FORMATTED_ES_URL="${ES_URL/https:\/\//}" +FORMATTED_KB_URL="${KB_URL/https:\/\//}" + +# Find a way to remove this in the future +# This is used in order to wait for the environment to be ready. +sleep 150 + +TEST_CLOUD=1 TEST_ES_URL="https://elastic:$PASSWORD@$FORMATTED_ES_URL:443" TEST_KIBANA_URL="https://elastic:$PASSWORD@$FORMATTED_KB_URL:443" yarn run $1 +cmd_status=$? +echo "Exit code with status: $cmd_status" + +curl --location --request DELETE "https://global.qa.cld.elstc.co/api/v1/serverless/projects/security/$ID" \ + --header "Authorization: ApiKey $QA_API_KEY" + +exit $cmd_status \ No newline at end of file