[8.x] [Security Solution] Enable critical Rule Management tests in MK…

…I periodic and 2nd quality gate pipelines (#193666) (#194249)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[Security Solution] Enable critical Rule Management tests in MKI
periodic and 2nd quality gate pipelines
(#193666)](#193666)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Maxim
Palenov","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-09-27T04:41:30Z","message":"[Security
Solution] Enable critical Rule Management tests in MKI periodic and 2nd
quality gate pipelines (#193666)\n\n**Resolves:**
https://github.com/elastic/security-team/issues/10609\r\n\r\n##
Summary\r\n\r\nThis PR enables critical Rule Management tests in
periodic and 2nd quality gate MKI pipelines. In the other words it
enable smoke testing for Rule Management critical features.\r\n\r\n##
Details\r\n\r\nA prerequisite Rule Management FTR and Cypress tests
audit result are summarized in a [Google Sheet
document](https://docs.google.com/spreadsheets/d/1jyNXlMpTLAxt5u_ZTNJVms7UnTmwA2xALq2C3HEOEqQ).
Based on feature criticality it was decided to enable critical FTR and
Cypress tests in periodic and 2nd quality gate MKI pipelines and disable
non critical tests in MKI
pipelines.","sha":"4ab4c661272fa2763f027204461c37d0a1620aad","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["test","release_note:skip","v9.0.0","Team:Detections
and Resp","Team: SecuritySolution","Team:Detection Rule
Management","backport:prev-minor","Project:Serverless","v8.16.0"],"title":"[Security
Solution] Enable critical Rule Management tests in MKI periodic and 2nd
quality gate
pipelines","number":193666,"url":"https://github.com/elastic/kibana/pull/193666","mergeCommit":{"message":"[Security
Solution] Enable critical Rule Management tests in MKI periodic and 2nd
quality gate pipelines (#193666)\n\n**Resolves:**
https://github.com/elastic/security-team/issues/10609\r\n\r\n##
Summary\r\n\r\nThis PR enables critical Rule Management tests in
periodic and 2nd quality gate MKI pipelines. In the other words it
enable smoke testing for Rule Management critical features.\r\n\r\n##
Details\r\n\r\nA prerequisite Rule Management FTR and Cypress tests
audit result are summarized in a [Google Sheet
document](https://docs.google.com/spreadsheets/d/1jyNXlMpTLAxt5u_ZTNJVms7UnTmwA2xALq2C3HEOEqQ).
Based on feature criticality it was decided to enable critical FTR and
Cypress tests in periodic and 2nd quality gate MKI pipelines and disable
non critical tests in MKI
pipelines.","sha":"4ab4c661272fa2763f027204461c37d0a1620aad"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/193666","number":193666,"mergeCommit":{"message":"[Security
Solution] Enable critical Rule Management tests in MKI periodic and 2nd
quality gate pipelines (#193666)\n\n**Resolves:**
https://github.com/elastic/security-team/issues/10609\r\n\r\n##
Summary\r\n\r\nThis PR enables critical Rule Management tests in
periodic and 2nd quality gate MKI pipelines. In the other words it
enable smoke testing for Rule Management critical features.\r\n\r\n##
Details\r\n\r\nA prerequisite Rule Management FTR and Cypress tests
audit result are summarized in a [Google Sheet
document](https://docs.google.com/spreadsheets/d/1jyNXlMpTLAxt5u_ZTNJVms7UnTmwA2xALq2C3HEOEqQ).
Based on feature criticality it was decided to enable critical FTR and
Cypress tests in periodic and 2nd quality gate MKI pipelines and disable
non critical tests in MKI
pipelines.","sha":"4ab4c661272fa2763f027204461c37d0a1620aad"}},{"branch":"8.x","label":"v8.16.0","branchLabelMappingKey":"^v8.16.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Maxim Palenov <[email protected]>

x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/index.ts

@@ -13,5 +13,6 @@ export default function ({ loadTestFile }: FtrProviderContext) {
     loadTestFile(require.resolve('./perform_bulk_action_dry_run_ess'));
     loadTestFile(require.resolve('./perform_bulk_action'));
     loadTestFile(require.resolve('./perform_bulk_action_ess'));
+    loadTestFile(require.resolve('./perform_bulk_enable_disable.ts'));
   });
 }

x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action.ts

@@ -273,42 +273,6 @@ export default ({ getService }: FtrProviderContext): void => {
       await fetchRule(ruleId).expect(404);
     });
 
-    it('should enable rules', async () => {
-      const ruleId = 'ruleId';
-      await createRule(supertest, log, getSimpleRule(ruleId));
-
-      const { body } = await postBulkAction()
-        .send({ query: '', action: BulkActionTypeEnum.enable })
-        .expect(200);
-
-      expect(body.attributes.summary).toEqual({ failed: 0, skipped: 0, succeeded: 1, total: 1 });
-
-      // Check that the updated rule is returned with the response
-      expect(body.attributes.results.updated[0].enabled).toEqual(true);
-
-      // Check that the updates have been persisted
-      const { body: ruleBody } = await fetchRule(ruleId).expect(200);
-      expect(ruleBody.enabled).toEqual(true);
-    });
-
-    it('should disable rules', async () => {
-      const ruleId = 'ruleId';
-      await createRule(supertest, log, getSimpleRule(ruleId, true));
-
-      const { body } = await postBulkAction()
-        .send({ query: '', action: BulkActionTypeEnum.disable })
-        .expect(200);
-
-      expect(body.attributes.summary).toEqual({ failed: 0, skipped: 0, succeeded: 1, total: 1 });
-
-      // Check that the updated rule is returned with the response
-      expect(body.attributes.results.updated[0].enabled).toEqual(false);
-
-      // Check that the updates have been persisted
-      const { body: ruleBody } = await fetchRule(ruleId).expect(200);
-      expect(ruleBody.enabled).toEqual(false);
-    });
-
     it('should duplicate rules', async () => {
       const ruleId = 'ruleId';
       const ruleToDuplicate = getCustomQueryRuleParams({

x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_enable_disable.ts

@@ -0,0 +1,70 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import expect from 'expect';
+import { BulkActionTypeEnum } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management';
+import { getCustomQueryRuleParams, fetchRule } from '../../../utils';
+import { createRule, deleteAllRules } from '../../../../../../common/utils/security_solution';
+import { FtrProviderContext } from '../../../../../ftr_provider_context';
+
+export default ({ getService }: FtrProviderContext): void => {
+  const supertest = getService('supertest');
+  const securitySolutionApi = getService('securitySolutionApi');
+  const log = getService('log');
+
+  describe('@ess @serverless @serverlessQA Bulk enable/disable', () => {
+    beforeEach(async () => {
+      await deleteAllRules(supertest, log);
+    });
+
+    it('should enable rules', async () => {
+      const ruleId = 'ruleId';
+      await createRule(
+        supertest,
+        log,
+        getCustomQueryRuleParams({ rule_id: ruleId, enabled: false })
+      );
+
+      const { body } = await securitySolutionApi.performRulesBulkAction({
+        query: {},
+        body: { action: BulkActionTypeEnum.enable },
+      });
+
+      expect(body.attributes.summary).toEqual({ failed: 0, skipped: 0, succeeded: 1, total: 1 });
+
+      // Check that the updated rule is returned with the response
+      expect(body.attributes.results.updated[0].enabled).toEqual(true);
+
+      // Check that the updates have been persisted
+      const ruleBody = await fetchRule(supertest, { ruleId });
+      expect(ruleBody.enabled).toEqual(true);
+    });
+
+    it('should disable rules', async () => {
+      const ruleId = 'ruleId';
+      await createRule(
+        supertest,
+        log,
+        getCustomQueryRuleParams({ rule_id: ruleId, enabled: true })
+      );
+
+      const { body } = await securitySolutionApi.performRulesBulkAction({
+        query: {},
+        body: { action: BulkActionTypeEnum.disable },
+      });
+
+      expect(body.attributes.summary).toEqual({ failed: 0, skipped: 0, succeeded: 1, total: 1 });
+
+      // Check that the updated rule is returned with the response
+      expect(body.attributes.results.updated[0].enabled).toEqual(false);
+
+      // Check that the updates have been persisted
+      const ruleBody = await fetchRule(supertest, { ruleId });
+      expect(ruleBody.enabled).toEqual(false);
+    });
+  });
+};

x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_ml_rules_privileges.ts

@@ -68,7 +68,7 @@ export default ({ getService }: FtrProviderContext) => {
         });
       });
 
-      it('@serverless should give a 200 when trying to create a single Machine Learning rule since the license is essentials', async () => {
+      it('@serverless @serverlessQA should give a 200 when trying to create a single Machine Learning rule since the license is essentials', async () => {
         const { body } = await supertest
           .post(DETECTION_ENGINE_RULES_URL)
           .set('kbn-xsrf', 'true')

x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_rules.ts

@@ -39,7 +39,7 @@ export default ({ getService }: FtrProviderContext) => {
   const dataPathBuilder = new EsArchivePathBuilder(isServerless);
   const auditbeatPath = dataPathBuilder.getPath('auditbeat/hosts');
 
-  describe('@ess @serverless create_rules', () => {
+  describe('@ess @serverless @serverlessQA create_rules', () => {
     describe('creating rules', () => {
       before(async () => {
         await esArchiver.load(auditbeatPath);

x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_rules_bulk.ts

@@ -38,7 +38,7 @@ export default ({ getService }: FtrProviderContext): void => {
   const auditbeatPath = dataPathBuilder.getPath('auditbeat/hosts');
   const utils = getService('securitySolutionUtils');
 
-  describe('@ess @serverless create_rules_bulk', () => {
+  describe('@ess @serverless @skipInServerlessMKI create_rules_bulk', () => {
     describe('creating rules in bulk', () => {
       before(async () => {
         await esArchiver.load(auditbeatPath);

x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/trial_license_complete_tier/create_new_terms.ts

@@ -20,7 +20,7 @@ export default ({ getService }: FtrProviderContext) => {
   /**
    * Specific api integration tests for new terms rule type
    */
-  describe('@serverless @ess create_new_terms', () => {
+  describe('@serverless @ess @serverlessQA create_new_terms', () => {
     beforeEach(async () => {
       await deleteAllRules(supertest, log);
     });

x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/trial_license_complete_tier/create_rules.ts

@@ -50,7 +50,7 @@ export default ({ getService }: FtrProviderContext) => {
   const es = getService('es');
   const utils = getService('securitySolutionUtils');
 
-  describe('@serverless @ess create_rules', () => {
+  describe('@serverless @ess @serverlessQA create_rules', () => {
     describe('rule creation', () => {
       before(async () => {
         await es.indices.delete({ index: 'logs-test', ignore_unavailable: true });

x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/trial_license_complete_tier/preview_rules.ts

@@ -31,7 +31,7 @@ export default ({ getService }: FtrProviderContext) => {
   const dataPathBuilder = new EsArchivePathBuilder(isServerless);
   const path = dataPathBuilder.getPath('auditbeat/hosts');
 
-  describe('@serverless @ess preview_rules', () => {
+  describe('@serverless @ess @serverlessQA preview_rules', () => {
     describe('previewing rules', () => {
       before(async () => {
         await esArchiver.load(path);

x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/delete_rules.ts

@@ -31,7 +31,7 @@ export default ({ getService }: FtrProviderContext): void => {
   const es = getService('es');
   const utils = getService('securitySolutionUtils');
 
-  describe('@ess @serverless delete_rules', () => {
+  describe('@ess @serverless @skipInServerlessMKI delete_rules', () => {
     describe('deleting rules', () => {
       beforeEach(async () => {
         await createAlertsIndex(supertest, log);

x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/delete_rules_bulk.ts

@@ -32,7 +32,7 @@ export default ({ getService }: FtrProviderContext): void => {
   const es = getService('es');
   const utils = getService('securitySolutionUtils');
 
-  describe('@ess @serverless delete_rules_bulk', () => {
+  describe('@ess @serverless @skipInServerlessMKI delete_rules_bulk', () => {
     describe('deleting rules bulk using DELETE', () => {
       beforeEach(async () => {
         await createAlertsIndex(supertest, log);

x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/delete_rules.ts

@@ -31,7 +31,7 @@ export default ({ getService }: FtrProviderContext): void => {
   const es = getService('es');
   const utils = getService('securitySolutionUtils');
 
-  describe('@ess @serverless delete_rules', () => {
+  describe('@ess @serverless @skipInServerlessMKI delete_rules', () => {
     describe('deleting rules', () => {
       beforeEach(async () => {
         await createAlertsIndex(supertest, log);

x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/export_rules.ts

@@ -16,7 +16,7 @@ export default ({ getService }: FtrProviderContext): void => {
   const log = getService('log');
   const securitySolutionApi = getService('securitySolutionApi');
 
-  describe('@ess @serverless export_rules', () => {
+  describe('@ess @serverless @serverlessQA export_rules', () => {
     describe('exporting rules', () => {
       afterEach(async () => {
         await deleteAllRules(supertest, log);

x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/import_rules.ts

@@ -17,7 +17,7 @@ export default ({ getService }: FtrProviderContext): void => {
   const securitySolutionApi = getService('securitySolutionApi');
   const log = getService('log');
 
-  describe('@ess @serverless import_rules', () => {
+  describe('@ess @serverless @serverlessQA import_rules', () => {
     describe('importing rules with an index', () => {
       afterEach(async () => {
         await deleteAllRules(supertest, log);

x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/basic_license_essentials_tier/coverage_overview.ts

@@ -66,7 +66,7 @@ export default ({ getService }: FtrProviderContext): void => {
     });
 
     // Both serverless and ESS
-    describe('@serverless @ess tests', () => {
+    describe('@ess @serverless @skipInServerlessMKI tests', () => {
       describe('base cases', () => {
         it('returns an empty response if there are no rules', async () => {
           const body = await getCoverageOverview(supertest);

x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/trial_license_complete_tier/get_rule_management_filters.ts

@@ -23,7 +23,7 @@ export default ({ getService }: FtrProviderContext): void => {
   const es = getService('es');
   const log = getService('log');
 
-  describe('@ess @serverless get_rule_management_filters', () => {
+  describe('@ess @serverless @serverlessQA get_rule_management_filters', () => {
     beforeEach(async () => {
       await deleteAllRules(supertest, log);
     });

x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/basic_license_essentials_tier/patch_rules.ts

@@ -31,7 +31,7 @@ export default ({ getService }: FtrProviderContext) => {
   const es = getService('es');
   const utils = getService('securitySolutionUtils');
 
-  describe('@ess @serverless patch_rules', () => {
+  describe('@ess @serverless @serverlessQA patch_rules', () => {
     describe('patch rules', () => {
       beforeEach(async () => {
         await createAlertsIndex(supertest, log);

x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/basic_license_essentials_tier/patch_rules_bulk.ts

@@ -31,7 +31,7 @@ export default ({ getService }: FtrProviderContext) => {
   const es = getService('es');
   const utils = getService('securitySolutionUtils');
 
-  describe('@ess @serverless patch_rules_bulk', () => {
+  describe('@ess @serverless @skipInServerlessMKI patch_rules_bulk', () => {
     describe('patch rules bulk', () => {
       beforeEach(async () => {
         await createAlertsIndex(supertest, log);

x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/basic_license_essentials_tier/find_rules.ts

@@ -24,7 +24,7 @@ export default ({ getService }: FtrProviderContext): void => {
   const log = getService('log');
   const utils = getService('securitySolutionUtils');
 
-  describe('@ess @serverless find_rules', () => {
+  describe('@ess @serverless @serverlessQA find_rules', () => {
     beforeEach(async () => {
       await deleteAllRules(supertest, log);
     });

x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/basic_license_essentials_tier/read_rules.ts

@@ -31,7 +31,7 @@ export default ({ getService }: FtrProviderContext) => {
   const es = getService('es');
   const utils = getService('securitySolutionUtils');
 
-  describe('@ess @serverless read_rules', () => {
+  describe('@ess @serverless @serverlessQA read_rules', () => {
     describe('reading rules', () => {
       beforeEach(async () => {
         await createAlertsIndex(supertest, log);

x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/find_rules.ts

@@ -25,7 +25,7 @@ export default ({ getService }: FtrProviderContext): void => {
   const log = getService('log');
   const utils = getService('securitySolutionUtils');
 
-  describe('@ess @serverless find_rules', () => {
+  describe('@ess @serverless @skipInServerlessMKI find_rules', () => {
     beforeEach(async () => {
       await deleteAllRules(supertest, log);
     });

x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/read_rules.ts

@@ -31,7 +31,7 @@ export default ({ getService }: FtrProviderContext) => {
   const es = getService('es');
   const utils = getService('securitySolutionUtils');
 
-  describe('@ess @serverless read_rules', () => {
+  describe('@ess @serverless @skipInServerlessMKI read_rules', () => {
     describe('reading rules', () => {
       beforeEach(async () => {
         await createAlertsIndex(supertest, log);

x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/basic_license_essentials_tier/update_rules.ts

@@ -33,7 +33,7 @@ export default ({ getService }: FtrProviderContext) => {
   const es = getService('es');
   const utils = getService('securitySolutionUtils');
 
-  describe('@ess @serverless update_rules', () => {
+  describe('@ess @serverless @serverlessQA update_rules', () => {
     describe('update rules', () => {
       beforeEach(async () => {
         await createAlertsIndex(supertest, log);

x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/basic_license_essentials_tier/update_rules_bulk.ts

@@ -32,7 +32,7 @@ export default ({ getService }: FtrProviderContext) => {
   const es = getService('es');
   const utils = getService('securitySolutionUtils');
 
-  describe('@ess @serverless update_rules_bulk', () => {
+  describe('@ess @serverless @skipInServerlessMKI update_rules_bulk', () => {
     describe('update rules bulk', () => {
       beforeEach(async () => {
         await createAlertsIndex(supertest, log);

x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/prebuilt_rules/notifications.cy.ts

@@ -32,7 +32,7 @@ const RULE_1 = createRuleAssetSavedObject({
 
 describe(
   'Detection rules, Prebuilt Rules Installation and Update Notifications',
-  { tags: ['@ess', '@serverless'] },
+  { tags: ['@ess', '@serverless', '@skipInServerlessMKI'] },
   () => {
     beforeEach(() => {
       login();
@@ -72,7 +72,7 @@ describe(
     });
 
     // https://github.com/elastic/kibana/issues/179968
-    describe('Notifications', { tags: ['@skipInServerlessMKI'] }, () => {
+    describe('Notifications', () => {
       beforeEach(() => {
         installPrebuiltRuleAssets([RULE_1]);
       });

x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/prebuilt_rules/prebuilt_rules_preview.cy.ts

@@ -77,7 +77,7 @@ const PREVIEW_TABS = {
 
 describe(
   'Detection rules, Prebuilt Rules Installation and Update workflow',
-  { tags: ['@ess', '@serverless'] },
+  { tags: ['@ess', '@serverless', '@skipInServerlessMKI'] },
   () => {
     const commonProperties: Partial<PrebuiltRuleAsset> = {
       author: ['Elastic', 'Another author'],

x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/prebuilt_rules/update_workflow.cy.ts

@@ -32,7 +32,7 @@ import { visitRulesManagementTable } from '../../../../tasks/rules_management';
 
 describe(
   'Detection rules, Prebuilt Rules Installation and Update workflow',
-  { tags: ['@ess', '@serverless'] },
+  { tags: ['@ess', '@serverless', '@skipInServerlessMKI'] },
   () => {
     describe('Upgrade of prebuilt rules', () => {
       const RULE_1_ID = 'rule_1';