diff --git a/x-pack/test/api_integration/apis/cloud_security_posture/helper.ts b/x-pack/test/api_integration/apis/cloud_security_posture/helper.ts index 51f98b5389a9d..e216d7446941a 100644 --- a/x-pack/test/api_integration/apis/cloud_security_posture/helper.ts +++ b/x-pack/test/api_integration/apis/cloud_security_posture/helper.ts @@ -6,7 +6,6 @@ */ import type { Agent as SuperTestAgent } from 'supertest'; -import { Client } from '@elastic/elasticsearch'; import expect from '@kbn/expect'; import { ELASTIC_HTTP_VERSION_HEADER } from '@kbn/core-http-common'; import type { IndexDetails } from '@kbn/cloud-security-posture-common'; @@ -14,51 +13,6 @@ import { CLOUD_SECURITY_PLUGIN_VERSION } from '@kbn/cloud-security-posture-plugi import { SecurityService } from '@kbn/ftr-common-functional-ui-services'; import { RoleCredentials } from '@kbn/ftr-common-functional-services'; -export const deleteIndex = async (es: Client, indexToBeDeleted: string[]) => { - return Promise.all([ - ...indexToBeDeleted.map((indexes) => - es.deleteByQuery({ - index: indexes, - query: { - match_all: {}, - }, - ignore_unavailable: true, - refresh: true, - }) - ), - ]); -}; - -export const bulkIndex = async (es: Client, findingsMock: T[], indexName: string) => { - const operations = findingsMock.flatMap((finding) => [ - { create: { _index: indexName } }, // Action description - { - ...finding, - '@timestamp': new Date().toISOString(), - }, // Data to index - ]); - - await es.bulk({ - body: operations, // Bulk API expects 'body' for operations - refresh: true, - }); -}; - -export const addIndex = async (es: Client, findingsMock: T[], indexName: string) => { - await Promise.all([ - ...findingsMock.map((finding) => - es.index({ - index: indexName, - body: { - ...finding, - '@timestamp': new Date().toISOString(), - }, - refresh: true, - }) - ), - ]); -}; - export async function createPackagePolicy( supertest: SuperTestAgent, agentPolicyId: string, 
diff --git a/x-pack/test/api_integration/apis/cloud_security_posture/status/status_index_timeout.ts b/x-pack/test/api_integration/apis/cloud_security_posture/status/status_index_timeout.ts index ce0c9014478dc..a2949a9f35253 100644 --- a/x-pack/test/api_integration/apis/cloud_security_posture/status/status_index_timeout.ts +++ b/x-pack/test/api_integration/apis/cloud_security_posture/status/status_index_timeout.ts @@ -13,16 +13,10 @@ import { LATEST_FINDINGS_INDEX_DEFAULT_NS, VULNERABILITIES_INDEX_DEFAULT_NS, } from '@kbn/cloud-security-posture-plugin/common/constants'; +import { EsIndexDataProvider } from '../../../../cloud_security_posture_api/utils'; import { generateAgent } from '../../../../fleet_api_integration/helpers'; import { FtrProviderContext } from '../../../ftr_provider_context'; -import { deleteIndex, createPackagePolicy } from '../helper'; - -const INDEX_ARRAY = [ - FINDINGS_INDEX_DEFAULT_NS, - LATEST_FINDINGS_INDEX_DEFAULT_NS, - CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN, - VULNERABILITIES_INDEX_DEFAULT_NS, -]; +import { createPackagePolicy } from '../helper'; const currentTimeMinusFourHours = new Date(Date.now() - 21600000).toISOString(); const currentTimeMinusTenMinutes = new Date(Date.now() - 600000).toISOString(); @@ -35,6 +29,13 @@ export default function (providerContext: FtrProviderContext) { const esArchiver = getService('esArchiver'); const kibanaServer = getService('kibanaServer'); const fleetAndAgents = getService('fleetAndAgents'); + const findingsIndex = new EsIndexDataProvider(es, FINDINGS_INDEX_DEFAULT_NS); + const latestFindingsIndex = new EsIndexDataProvider(es, LATEST_FINDINGS_INDEX_DEFAULT_NS); + const vulnerabilitiesIndex = new EsIndexDataProvider(es, VULNERABILITIES_INDEX_DEFAULT_NS); + const cdrVulnerabilitiesIndex = new EsIndexDataProvider( + es, + CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN + ); describe('GET /internal/cloud_security_posture/status', () => { let agentPolicyId: string; 
@@ -84,12 +85,20 @@ export default function (providerContext: FtrProviderContext) { .expect(200); await generateAgent(providerContext, 'healthy', `Agent policy test 2`, agentPolicyId); - await deleteIndex(es, INDEX_ARRAY); + await findingsIndex.deleteAll(); + await latestFindingsIndex.deleteAll(); + await vulnerabilitiesIndex.deleteAll(); + await cdrVulnerabilitiesIndex.deleteAll(); }); afterEach(async () => { await kibanaServer.savedObjects.cleanStandardList(); await esArchiver.unload('x-pack/test/functional/es_archives/fleet/empty_fleet_server'); + + await findingsIndex.deleteAll(); + await latestFindingsIndex.deleteAll(); + await vulnerabilitiesIndex.deleteAll(); + await cdrVulnerabilitiesIndex.deleteAll(); }); it(`Should return index-timeout when installed kspm, has findings only on logs-cloud_security_posture.findings-default* and it has been more than 10 minutes since the installation`, async () => { diff --git a/x-pack/test/api_integration/apis/cloud_security_posture/status/status_indexed.ts b/x-pack/test/api_integration/apis/cloud_security_posture/status/status_indexed.ts index 504bb9f504516..6f43f966bbcc0 100644 --- a/x-pack/test/api_integration/apis/cloud_security_posture/status/status_indexed.ts +++ b/x-pack/test/api_integration/apis/cloud_security_posture/status/status_indexed.ts 
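Review bot: The removed `deleteIndex` helper passed `ignore_unavailable: true`, but nothing in this diff shows that `EsIndexDataProvider.deleteAll()` does, so the `deleteAll()` calls added to the setup block and to `afterEach` in this hunk may throw when a target index does not exist yet. Only the first line of `deleteAll` appears in the `utils.ts` hunk, so confirm it there and add `ignore_unavailable: true` to its delete request if it is missing; the same holds for every suite in this commit that swaps `deleteIndex` for `deleteAll`. The four deletes are also awaited one after another where the old helper used `Promise.all`; `await Promise.all([findingsIndex, latestFindingsIndex, vulnerabilitiesIndex, cdrVulnerabilitiesIndex].map((i) => i.deleteAll()));` keeps them concurrent and removes the duplicated block. The setup block starts outside the hunk.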
@@ -8,28 +8,25 @@ import expect from '@kbn/expect'; import { ELASTIC_HTTP_VERSION_HEADER } from '@kbn/core-http-common'; import { CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN } from '@kbn/cloud-security-posture-common'; import type { CspSetupStatus } from '@kbn/cloud-security-posture-common'; -import { - FINDINGS_INDEX_DEFAULT_NS, - LATEST_FINDINGS_INDEX_DEFAULT_NS, - VULNERABILITIES_INDEX_DEFAULT_NS, -} from '@kbn/cloud-security-posture-plugin/common/constants'; +import { LATEST_FINDINGS_INDEX_DEFAULT_NS } from '@kbn/cloud-security-posture-plugin/common/constants'; import { FtrProviderContext } from '../../../ftr_provider_context'; -import { deleteIndex, addIndex, createPackagePolicy } from '../helper'; +import { EsIndexDataProvider } from '../../../../cloud_security_posture_api/utils'; +import { createPackagePolicy } from '../helper'; import { findingsMockData, vulnerabilityMockData } from '../mock_data'; -const INDEX_ARRAY = [ - FINDINGS_INDEX_DEFAULT_NS, - LATEST_FINDINGS_INDEX_DEFAULT_NS, - CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN, - VULNERABILITIES_INDEX_DEFAULT_NS, -]; - export default function (providerContext: FtrProviderContext) { const { getService } = providerContext; const supertest = getService('supertest'); const es = getService('es'); const esArchiver = getService('esArchiver'); const kibanaServer = getService('kibanaServer'); + const latestFindingsIndex = new EsIndexDataProvider(es, LATEST_FINDINGS_INDEX_DEFAULT_NS); + const latestVulnerabilitiesIndex = new EsIndexDataProvider( + es, + CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN + ); + const mock3PIndex = 'security_solution-mock-3p-integration.misconfiguration_latest'; + const _3pIndex = new EsIndexDataProvider(es, mock3PIndex); describe('GET /internal/cloud_security_posture/status', () => { let agentPolicyId: string; 
@@ -50,19 +47,21 @@ export default function (providerContext: FtrProviderContext) { agentPolicyId = agentPolicyResponse.item.id; - await deleteIndex(es, INDEX_ARRAY); - await addIndex(es, findingsMockData, LATEST_FINDINGS_INDEX_DEFAULT_NS); - await addIndex(es, vulnerabilityMockData, CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN); + await latestFindingsIndex.deleteAll(); + await latestVulnerabilitiesIndex.deleteAll(); + await _3pIndex.deleteAll(); }); afterEach(async () => { - await deleteIndex(es, INDEX_ARRAY); + await latestFindingsIndex.deleteAll(); + await latestVulnerabilitiesIndex.deleteAll(); + await _3pIndex.deleteAll(); await kibanaServer.savedObjects.cleanStandardList(); await esArchiver.unload('x-pack/test/functional/es_archives/fleet/empty_fleet_server'); }); it(`Return hasMisconfigurationsFindings true when there are latest findings but no installed integrations`, async () => { - await addIndex(es, findingsMockData, LATEST_FINDINGS_INDEX_DEFAULT_NS); + await latestFindingsIndex.addBulk(findingsMockData); const { body: res }: { body: CspSetupStatus } = await supertest .get(`/internal/cloud_security_posture/status`) @@ -77,9 +76,7 @@ export default function (providerContext: FtrProviderContext) { }); it(`Return hasMisconfigurationsFindings true when there are only findings in third party index`, async () => { - await deleteIndex(es, INDEX_ARRAY); - const mock3PIndex = 'security_solution-mock-3p-integration.misconfiguration_latest'; - await addIndex(es, findingsMockData, mock3PIndex); + await _3pIndex.addBulk(findingsMockData); const { body: res }: { body: CspSetupStatus } = await supertest .get(`/internal/cloud_security_posture/status`) 
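Review bot: The `beforeEach`/`afterEach` cleanup in the first hunk here now covers only `LATEST_FINDINGS_INDEX_DEFAULT_NS`, `CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN` and the mock third-party index, while the removed `deleteIndex(es, INDEX_ARRAY)` also cleared `FINDINGS_INDEX_DEFAULT_NS` and `VULNERABILITIES_INDEX_DEFAULT_NS`. `status_indexing.ts` and the serverless `status_indexed.ts` and `status_indexing.ts` narrow the cleanup the same way; in the two `status_indexing.ts` files the test titles require `findings_latest-default` to hold no new documents, yet those suites no longer clear the latest indices themselves. Whether another suite can leave documents behind is not visible in the diff, so either clear all four indices in `beforeEach` or state the assumption in a comment such as `// Only the indices this suite writes to are cleared; other suites clean up their own.`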
@@ -91,13 +88,9 @@ export default function (providerContext: FtrProviderContext) { true, `expected hasMisconfigurationsFindings to be true but got ${res.hasMisconfigurationsFindings} instead` ); - - await deleteIndex(es, [mock3PIndex]); }); it(`Return hasMisconfigurationsFindings false when there are no findings`, async () => { - await deleteIndex(es, INDEX_ARRAY); - const { body: res }: { body: CspSetupStatus } = await supertest .get(`/internal/cloud_security_posture/status`) .set(ELASTIC_HTTP_VERSION_HEADER, '1') @@ -111,6 +104,8 @@ export default function (providerContext: FtrProviderContext) { }); it(`Return kspm status indexed when logs-cloud_security_posture.findings_latest-default contains new kspm documents`, async () => { + await latestFindingsIndex.addBulk(findingsMockData); + await createPackagePolicy( supertest, agentPolicyId, @@ -133,6 +128,8 @@ export default function (providerContext: FtrProviderContext) { }); it(`Return cspm status indexed when logs-cloud_security_posture.findings_latest-default contains new cspm documents`, async () => { + await latestFindingsIndex.addBulk(findingsMockData); + await createPackagePolicy( supertest, agentPolicyId, @@ -155,6 +152,8 @@ export default function (providerContext: FtrProviderContext) { }); it(`Return vuln status indexed when logs-cloud_security_posture.vulnerabilities_latest-default contains new documents`, async () => { + await latestVulnerabilitiesIndex.addBulk(vulnerabilityMockData); + await createPackagePolicy( supertest, agentPolicyId, diff --git a/x-pack/test/api_integration/apis/cloud_security_posture/status/status_indexing.ts b/x-pack/test/api_integration/apis/cloud_security_posture/status/status_indexing.ts index 4d66d8460b9a4..72efb30c36141 100644 --- a/x-pack/test/api_integration/apis/cloud_security_posture/status/status_indexing.ts +++ b/x-pack/test/api_integration/apis/cloud_security_posture/status/status_indexing.ts 
@@ -7,29 +7,23 @@ import expect from '@kbn/expect'; import { ELASTIC_HTTP_VERSION_HEADER } from '@kbn/core-http-common'; import type { CspSetupStatus } from '@kbn/cloud-security-posture-common'; -import { CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN } from '@kbn/cloud-security-posture-common'; import { FINDINGS_INDEX_DEFAULT_NS, - LATEST_FINDINGS_INDEX_DEFAULT_NS, VULNERABILITIES_INDEX_DEFAULT_NS, } from '@kbn/cloud-security-posture-plugin/common/constants'; import { FtrProviderContext } from '../../../ftr_provider_context'; -import { deleteIndex, addIndex, createPackagePolicy } from '../helper'; +import { EsIndexDataProvider } from '../../../../cloud_security_posture_api/utils'; +import { createPackagePolicy } from '../helper'; import { findingsMockData, vulnerabilityMockData } from '../mock_data'; -const INDEX_ARRAY = [ - FINDINGS_INDEX_DEFAULT_NS, - LATEST_FINDINGS_INDEX_DEFAULT_NS, - CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN, - VULNERABILITIES_INDEX_DEFAULT_NS, -]; - export default function (providerContext: FtrProviderContext) { const { getService } = providerContext; const supertest = getService('supertest'); const es = getService('es'); const esArchiver = getService('esArchiver'); const kibanaServer = getService('kibanaServer'); + const findingsIndex = new EsIndexDataProvider(es, FINDINGS_INDEX_DEFAULT_NS); + const vulnerabilitiesIndex = new EsIndexDataProvider(es, VULNERABILITIES_INDEX_DEFAULT_NS); describe('GET /internal/cloud_security_posture/status', () => { let agentPolicyId: string; 
@@ -49,18 +43,20 @@ export default function (providerContext: FtrProviderContext) { }); agentPolicyId = agentPolicyResponse.item.id; - await deleteIndex(es, INDEX_ARRAY); - await addIndex(es, findingsMockData, FINDINGS_INDEX_DEFAULT_NS); - await addIndex(es, vulnerabilityMockData, VULNERABILITIES_INDEX_DEFAULT_NS); + await findingsIndex.deleteAll(); + await vulnerabilitiesIndex.deleteAll(); }); afterEach(async () => { - await deleteIndex(es, INDEX_ARRAY); + await findingsIndex.deleteAll(); + await vulnerabilitiesIndex.deleteAll(); await kibanaServer.savedObjects.cleanStandardList(); await esArchiver.unload('x-pack/test/functional/es_archives/fleet/empty_fleet_server'); }); it(`Return kspm status indexing when logs-cloud_security_posture.findings_latest-default doesn't contain new kspm documents, but has newly connected agents`, async () => { + await findingsIndex.addBulk(findingsMockData); + await createPackagePolicy( supertest, agentPolicyId, @@ -83,6 +79,8 @@ export default function (providerContext: FtrProviderContext) { }); it(`Return cspm status indexing when logs-cloud_security_posture.findings_latest-default doesn't contain new cspm documents, but has newly connected agents `, async () => { + await findingsIndex.addBulk(findingsMockData); + await createPackagePolicy( supertest, agentPolicyId, @@ -105,6 +103,8 @@ export default function (providerContext: FtrProviderContext) { }); it(`Return vuln status indexing when logs-cloud_security_posture.vulnerabilities_latest-default doesn't contain vuln new documents, but has newly connected agents`, async () => { + await vulnerabilitiesIndex.addBulk(vulnerabilityMockData); + await createPackagePolicy( supertest, agentPolicyId, diff --git a/x-pack/test/api_integration/apis/cloud_security_posture/status/status_unprivileged.ts b/x-pack/test/api_integration/apis/cloud_security_posture/status/status_unprivileged.ts index 7c09e4b51f679..cecbffdae1cfe 100644 
--- a/x-pack/test/api_integration/apis/cloud_security_posture/status/status_unprivileged.ts +++ b/x-pack/test/api_integration/apis/cloud_security_posture/status/status_unprivileged.ts @@ -20,7 +20,6 @@ import { createCSPOnlyRole, deleteRole, deleteUser, - deleteIndex, assertIndexStatus, } from '../helper'; @@ -32,7 +31,6 @@ export default function (providerContext: FtrProviderContext) { const supertest = getService('supertest'); const supertestWithoutAuth = getService('supertestWithoutAuth'); const esArchiver = getService('esArchiver'); - const es = getService('es'); const kibanaServer = getService('kibanaServer'); const security = getService('security'); @@ -171,7 +169,6 @@ export default function (providerContext: FtrProviderContext) { }); it(`Return unprivileged when missing access to score index`, async () => { - await deleteIndex(es, [BENCHMARK_SCORE_INDEX_DEFAULT_NS]); await createCSPOnlyRole(security, UNPRIVILEGED_ROLE, BENCHMARK_SCORE_INDEX_DEFAULT_NS); await createUser(security, UNPRIVILEGED_USERNAME, UNPRIVILEGED_ROLE); diff --git a/x-pack/test/cloud_security_posture_api/utils.ts b/x-pack/test/cloud_security_posture_api/utils.ts index 6f0d86419a349..c6ec87fcfb411 100644 --- a/x-pack/test/cloud_security_posture_api/utils.ts +++ b/x-pack/test/cloud_security_posture_api/utils.ts @@ -44,13 +44,16 @@ export class EsIndexDataProvider { this.index = index; } - addBulk(docs: Array>, overrideTimestamp = true) { + async addBulk(docs: Array>, overrideTimestamp = true) { const operations = docs.flatMap((doc) => [ { index: { _index: this.index } }, { ...doc, ...(overrideTimestamp ? { '@timestamp': new Date().toISOString() } : {}) }, ]); - return this.es.bulk({ refresh: 'wait_for', index: this.index, operations }); + const resp = await this.es.bulk({ refresh: 'wait_for', index: this.index, operations }); + expect(resp.errors).length(0, `Error in bulk indexing: ${JSON.stringify(resp)}`); + + return resp; } async deleteAll() { 
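Review bot: `expect(resp.errors).length(0, …)` in `addBulk` asserts a length on `resp.errors`, which is the boolean error flag of the bulk response; the inline helper this commit removes from `telemetry.ts` checked it with `expect(response.errors).to.eql(false)`. A boolean has no `length`, so the assertion does not express "no item failed" and, depending on how the `expect` imported in this file treats such a value, may fail on every call or never check the flag. An explicit guard avoids the matcher question: `if (resp.errors) throw new Error(`Error in bulk indexing: ${JSON.stringify(resp)}`);`. The `expect` import and the rest of the class are outside the hunk.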
diff --git a/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/serverless_metering/cloud_security_metering.ts b/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/serverless_metering/cloud_security_metering.ts index b3db98c829afd..f3d613a41d590 100644 --- a/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/serverless_metering/cloud_security_metering.ts +++ b/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/serverless_metering/cloud_security_metering.ts @@ -10,11 +10,10 @@ import { CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN } from '@kbn/cloud-secu import { LATEST_FINDINGS_INDEX_DEFAULT_NS } from '@kbn/cloud-security-posture-plugin/common/constants'; import * as http from 'http'; import { - deleteIndex, createPackagePolicy, createCloudDefendPackagePolicy, - bulkIndex, } from '@kbn/test-suites-xpack/api_integration/apis/cloud_security_posture/helper'; +import { EsIndexDataProvider } from '@kbn/test-suites-xpack/cloud_security_posture_api/utils'; import { RoleCredentials } from '../../../../../shared/services'; import { getMockFindings, getMockDefendForContainersHeartbeats } from './mock_data'; import type { FtrProviderContext } from '../../../../ftr_provider_context'; @@ -32,6 +31,12 @@ export default function (providerContext: FtrProviderContext) { const svlCommonApi = getService('svlCommonApi'); const svlUserManager = getService('svlUserManager'); const supertestWithoutAuth = getService('supertestWithoutAuth'); + const findingsIndex = new EsIndexDataProvider(es, LATEST_FINDINGS_INDEX_DEFAULT_NS); + const cloudDefinedIndex = new EsIndexDataProvider(es, CLOUD_DEFEND_HEARTBEAT_INDEX_DEFAULT_NS); + const vulnerabilitiesIndex = new EsIndexDataProvider( + es, + CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN + ); /* This test aims to intercept the usage API request sent by the metering background task manager. 
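Review bot: `cloudDefinedIndex` wraps `CLOUD_DEFEND_HEARTBEAT_INDEX_DEFAULT_NS`, so the name reads as a typo for "Defend" and is carried into every later `deleteAll`/`addBulk` call in this file. Rename it where it is declared: `const cloudDefendHeartbeatIndex = new EsIndexDataProvider(es, CLOUD_DEFEND_HEARTBEAT_INDEX_DEFAULT_NS);`.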
@@ -67,25 +72,17 @@ export default function (providerContext: FtrProviderContext) { agentPolicyId = agentPolicyResponse.item.id; - await deleteIndex(es, [ - LATEST_FINDINGS_INDEX_DEFAULT_NS, - CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN, - CLOUD_DEFEND_HEARTBEAT_INDEX_DEFAULT_NS, - ]); + await findingsIndex.deleteAll(); + await vulnerabilitiesIndex.deleteAll(); + await cloudDefinedIndex.deleteAll(); }); afterEach(async () => { - await deleteIndex(es, [ - LATEST_FINDINGS_INDEX_DEFAULT_NS, - CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN, - ]); await kibanaServer.savedObjects.cleanStandardList(); await esArchiver.unload('x-pack/test/functional/es_archives/fleet/empty_fleet_server'); - await deleteIndex(es, [ - LATEST_FINDINGS_INDEX_DEFAULT_NS, - CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN, - CLOUD_DEFEND_HEARTBEAT_INDEX_DEFAULT_NS, - ]); + await findingsIndex.deleteAll(); + await vulnerabilitiesIndex.deleteAll(); + await cloudDefinedIndex.deleteAll(); }); after(async () => { await svlUserManager.invalidateM2mApiKeyWithRoleScope(roleAuthc); @@ -116,11 +113,7 @@ export default function (providerContext: FtrProviderContext) { numberOfFindings: 10, }); - await bulkIndex( - es, - [...billableFindings, ...notBillableFindings], - LATEST_FINDINGS_INDEX_DEFAULT_NS - ); + await findingsIndex.addBulk([...billableFindings, ...notBillableFindings]); let interceptedRequestBody: UsageRecord[] = []; await retry.try(async () => { @@ -160,11 +153,7 @@ export default function (providerContext: FtrProviderContext) { numberOfFindings: 11, }); - await bulkIndex( - es, - [...billableFindings, ...notBillableFindings], - LATEST_FINDINGS_INDEX_DEFAULT_NS - ); + await findingsIndex.addBulk([...billableFindings, ...notBillableFindings]); let interceptedRequestBody: UsageRecord[] = []; 
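Review bot: Replacing `bulkIndex` with `addBulk` in these tests changes the bulk action from `create` to `index`: the removed helper built `{ create: { _index: indexName } }`, while `addBulk` in `utils.ts` builds `{ index: { _index: this.index } }`. Elasticsearch accepts only `create` actions in bulk requests that target a data stream, so if any of the targets used in this file resolves to a data stream, the seeding is rejected per item. Whether they do is not visible in the diff; if so, switch the action in `addBulk` to `{ create: { _index: this.index } }`. The later `addBulk` calls in this file are affected in the same way.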
@@ -199,7 +188,7 @@ export default function (providerContext: FtrProviderContext) { numberOfFindings: 2, }); - await bulkIndex(es, billableFindings, CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN); + await vulnerabilitiesIndex.addBulk(billableFindings); let interceptedRequestBody: UsageRecord[] = []; @@ -233,11 +222,11 @@ export default function (providerContext: FtrProviderContext) { isBlockActionEnables: false, numberOfHearbeats: 2, }); - await bulkIndex( - es, - [...blockActionEnabledHeartbeats, ...blockActionDisabledHeartbeats], - CLOUD_DEFEND_HEARTBEAT_INDEX_DEFAULT_NS - ); + + await cloudDefinedIndex.addBulk([ + ...blockActionEnabledHeartbeats, + ...blockActionDisabledHeartbeats, + ]); let interceptedRequestBody: UsageRecord[] = []; @@ -315,22 +304,17 @@ export default function (providerContext: FtrProviderContext) { }); await Promise.all([ - bulkIndex( - es, - [ - ...billableFindingsCSPM, - ...notBillableFindingsCSPM, - ...billableFindingsKSPM, - ...notBillableFindingsKSPM, - ], - LATEST_FINDINGS_INDEX_DEFAULT_NS - ), - bulkIndex(es, [...billableFindingsCNVM], CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN), - bulkIndex( - es, - [...blockActionEnabledHeartbeats, ...blockActionDisabledHeartbeats], - CLOUD_DEFEND_HEARTBEAT_INDEX_DEFAULT_NS - ), + findingsIndex.addBulk([ + ...billableFindingsCSPM, + ...notBillableFindingsCSPM, + ...billableFindingsKSPM, + ...notBillableFindingsKSPM, + ]), + vulnerabilitiesIndex.addBulk([...billableFindingsCNVM]), + cloudDefinedIndex.addBulk([ + ...blockActionEnabledHeartbeats, + ...blockActionDisabledHeartbeats, + ]), ]); // Intercept and verify usage API request diff --git a/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/serverless_metering/mock_data.ts b/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/serverless_metering/mock_data.ts index 5e5844eaaf3b5..1991b53b85b35 100644 
--- a/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/serverless_metering/mock_data.ts +++ b/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/serverless_metering/mock_data.ts @@ -82,6 +82,8 @@ const mockFiniding = (postureType: string, isBillableAsset?: boolean) => { }, }; } + + throw new Error('Invalid posture type'); }; export const getMockDefendForContainersHeartbeats = ({ diff --git a/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/status/status_indexed.ts b/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/status/status_indexed.ts index a9da3a42cdfc8..2c53a277ab188 100644 --- a/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/status/status_indexed.ts +++ b/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/status/status_indexed.ts @@ -13,11 +13,8 @@ import { LATEST_FINDINGS_INDEX_DEFAULT_NS, VULNERABILITIES_INDEX_DEFAULT_NS, } from '@kbn/cloud-security-posture-plugin/common/constants'; -import { - deleteIndex, - addIndex, - createPackagePolicy, -} from '@kbn/test-suites-xpack/api_integration/apis/cloud_security_posture/helper'; +import { createPackagePolicy } from '@kbn/test-suites-xpack/api_integration/apis/cloud_security_posture/helper'; +import { EsIndexDataProvider } from '@kbn/test-suites-xpack/cloud_security_posture_api/utils'; import { findingsMockData, vulnerabilityMockData, 
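Review bot: The new `throw new Error('Invalid posture type')` at the end of `mockFiniding` does not say which value was rejected, which makes a failing fixture call harder to trace. Include the argument: `throw new Error(`Invalid posture type: ${postureType}`);`. The function body starts outside the hunk, so the branches that precede the throw are not shown.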
@@ -40,6 +37,11 @@ export default function (providerContext: FtrProviderContext) { const supertestWithoutAuth = getService('supertestWithoutAuth'); const svlCommonApi = getService('svlCommonApi'); const svlUserManager = getService('svlUserManager'); + const latestFindingsIndex = new EsIndexDataProvider(es, LATEST_FINDINGS_INDEX_DEFAULT_NS); + const latestVulnerabilitiesIndex = new EsIndexDataProvider( + es, + CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN + ); describe('GET /internal/cloud_security_posture/status', function () { // security_exception: action [indices:admin/create] is unauthorized for user [elastic] with effective roles [superuser] on restricted indices [.fleet-actions-7], this action is granted by the index privileges [create_index,manage,all] @@ -74,18 +76,20 @@ export default function (providerContext: FtrProviderContext) { agentPolicyId = agentPolicyResponse.item.id; - await deleteIndex(es, INDEX_ARRAY); - await addIndex(es, findingsMockData, LATEST_FINDINGS_INDEX_DEFAULT_NS); - await addIndex(es, vulnerabilityMockData, CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN); + await latestFindingsIndex.deleteAll(); + await latestVulnerabilitiesIndex.deleteAll(); }); afterEach(async () => { - await deleteIndex(es, INDEX_ARRAY); + await latestFindingsIndex.deleteAll(); + await latestVulnerabilitiesIndex.deleteAll(); await kibanaServer.savedObjects.cleanStandardList(); await esArchiver.unload('x-pack/test/functional/es_archives/fleet/empty_fleet_server'); }); it(`Return kspm status indexed when logs-cloud_security_posture.findings_latest-default contains new kspm documents`, async () => { + await latestFindingsIndex.addBulk(findingsMockData); + await createPackagePolicy( supertestWithoutAuth, agentPolicyId, 
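Review bot: `INDEX_ARRAY` looks to be left behind as dead code in this file: both `deleteIndex(es, INDEX_ARRAY)` calls are removed in the `beforeEach`/`afterEach` hunk, but no hunk removes its declaration, and the hunk offsets (`-13,11 +13,8` followed by `-40,6 +37,11`) leave old lines 24–39 untouched. The non-serverless `status_indexed.ts` and the serverless `status_indexing.ts` delete the constant and trim the imports it needed. Unless it is still referenced outside the hunks, remove it here too, together with the `FINDINGS_INDEX_DEFAULT_NS` and `VULNERABILITIES_INDEX_DEFAULT_NS` imports if nothing else uses them.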
@@ -112,6 +116,8 @@ export default function (providerContext: FtrProviderContext) { }); it(`Return cspm status indexed when logs-cloud_security_posture.findings_latest-default contains new cspm documents`, async () => { + await latestFindingsIndex.addBulk(findingsMockData); + await createPackagePolicy( supertestWithoutAuth, agentPolicyId, @@ -138,6 +144,8 @@ export default function (providerContext: FtrProviderContext) { }); it(`Return vuln status indexed when logs-cloud_security_posture.vulnerabilities_latest-default contains new documents`, async () => { + await latestVulnerabilitiesIndex.addBulk(vulnerabilityMockData); + await createPackagePolicy( supertestWithoutAuth, agentPolicyId, diff --git a/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/status/status_indexing.ts b/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/status/status_indexing.ts index ec6a5835e6aa3..b0f549077c43f 100644 --- a/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/status/status_indexing.ts +++ b/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/status/status_indexing.ts 
@@ -7,31 +7,19 @@ import expect from '@kbn/expect'; import { ELASTIC_HTTP_VERSION_HEADER } from '@kbn/core-http-common'; import type { CspSetupStatus } from '@kbn/cloud-security-posture-common'; -import { CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN } from '@kbn/cloud-security-posture-common'; import { FINDINGS_INDEX_DEFAULT_NS, - LATEST_FINDINGS_INDEX_DEFAULT_NS, VULNERABILITIES_INDEX_DEFAULT_NS, } from '@kbn/cloud-security-posture-plugin/common/constants'; -import { - deleteIndex, - addIndex, - createPackagePolicy, -} from '@kbn/test-suites-xpack/api_integration/apis/cloud_security_posture/helper'; +import { createPackagePolicy } from '@kbn/test-suites-xpack/api_integration/apis/cloud_security_posture/helper'; import { findingsMockData, vulnerabilityMockData, } from '@kbn/test-suites-xpack/api_integration/apis/cloud_security_posture/mock_data'; +import { EsIndexDataProvider } from '@kbn/test-suites-xpack/cloud_security_posture_api/utils'; import { FtrProviderContext } from '../../../../ftr_provider_context'; import { RoleCredentials } from '../../../../../shared/services'; -const INDEX_ARRAY = [ - FINDINGS_INDEX_DEFAULT_NS, - LATEST_FINDINGS_INDEX_DEFAULT_NS, - CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN, - VULNERABILITIES_INDEX_DEFAULT_NS, -]; - export default function (providerContext: FtrProviderContext) { const { getService } = providerContext; const es = getService('es'); 
@@ -40,6 +28,8 @@ export default function (providerContext: FtrProviderContext) { const supertestWithoutAuth = getService('supertestWithoutAuth'); const svlCommonApi = getService('svlCommonApi'); const svlUserManager = getService('svlUserManager'); + const findingsIndex = new EsIndexDataProvider(es, FINDINGS_INDEX_DEFAULT_NS); + const vulnerabilitiesIndex = new EsIndexDataProvider(es, VULNERABILITIES_INDEX_DEFAULT_NS); describe('GET /internal/cloud_security_posture/status', function () { // security_exception: action [indices:admin/create] is unauthorized for user [elastic] with effective roles [superuser] on restricted indices [.fleet-actions-7], this action is granted by the index privileges [create_index,manage,all] @@ -73,18 +63,20 @@ export default function (providerContext: FtrProviderContext) { }); agentPolicyId = agentPolicyResponse.item.id; - await deleteIndex(es, INDEX_ARRAY); - await addIndex(es, findingsMockData, FINDINGS_INDEX_DEFAULT_NS); - await addIndex(es, vulnerabilityMockData, VULNERABILITIES_INDEX_DEFAULT_NS); + await findingsIndex.deleteAll(); + await vulnerabilitiesIndex.deleteAll(); }); afterEach(async () => { - await deleteIndex(es, INDEX_ARRAY); + await findingsIndex.deleteAll(); + await vulnerabilitiesIndex.deleteAll(); await kibanaServer.savedObjects.cleanStandardList(); await esArchiver.unload('x-pack/test/functional/es_archives/fleet/empty_fleet_server'); }); it(`Return kspm status indexing when logs-cloud_security_posture.findings_latest-default doesn't contain new kspm documents, but has newly connected agents`, async () => { + await findingsIndex.addBulk(findingsMockData); + await createPackagePolicy( supertestWithoutAuth, agentPolicyId, 
@@ -111,6 +103,8 @@ export default function (providerContext: FtrProviderContext) { }); it(`Return cspm status indexing when logs-cloud_security_posture.findings_latest-default doesn't contain new cspm documents, but has newly connected agents `, async () => { + await findingsIndex.addBulk(findingsMockData); + await createPackagePolicy( supertestWithoutAuth, agentPolicyId, @@ -137,6 +131,8 @@ export default function (providerContext: FtrProviderContext) { }); it(`Return vuln status indexing when logs-cloud_security_posture.vulnerabilities_latest-default doesn't contain vuln new documents, but has newly connected agents`, async () => { + await vulnerabilitiesIndex.addBulk(vulnerabilityMockData); + await createPackagePolicy( supertestWithoutAuth, agentPolicyId, diff --git a/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/telemetry.ts b/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/telemetry.ts index 62cf85b47d997..15700419a7e96 100644 --- a/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/telemetry.ts +++ b/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/telemetry.ts 
@@ -7,11 +7,12 @@ import expect from '@kbn/expect'; import { ELASTIC_HTTP_VERSION_HEADER } from '@kbn/core-http-common'; -import { - data as telemetryMockData, - MockTelemetryFindings, -} from '@kbn/test-suites-xpack/cloud_security_posture_api/telemetry/data'; +import { data as telemetryMockData } from '@kbn/test-suites-xpack/cloud_security_posture_api/telemetry/data'; import { createPackagePolicy } from '@kbn/test-suites-xpack/api_integration/apis/cloud_security_posture/helper'; +import { + waitForPluginInitialized, + EsIndexDataProvider, +} from '@kbn/test-suites-xpack/cloud_security_posture_api/utils'; import { SupertestWithRoleScopeType } from '@kbn/test-suites-xpack/api_integration/deployment_agnostic/services'; import type { FtrProviderContext } from '../../../ftr_provider_context'; import { RoleCredentials } from '../../../../shared/services'; @@ -21,7 +22,7 @@ const FINDINGS_INDEX = 'logs-cloud_security_posture.findings_latest-default'; export default function ({ getService }: FtrProviderContext) { const retry = getService('retry'); const es = getService('es'); - const log = getService('log'); + const logger = getService('log'); const esArchiver = getService('esArchiver'); const kibanaServer = getService('kibanaServer'); const supertestWithoutAuth = getService('supertestWithoutAuth'); 
@@ -33,24 +34,7 @@ export default function ({ getService }: FtrProviderContext) { let roleAuthc: RoleCredentials; let internalRequestHeader: { 'x-elastic-internal-origin': string; 'kbn-xsrf': string }; - const index = { - remove: () => - es.deleteByQuery({ - index: FINDINGS_INDEX, - query: { match_all: {} }, - refresh: true, - }), - - add: async (mockTelemetryFindings: MockTelemetryFindings[]) => { - const operations = mockTelemetryFindings.flatMap((doc) => [ - { index: { _index: FINDINGS_INDEX } }, - doc, - ]); - - const response = await es.bulk({ refresh: 'wait_for', index: FINDINGS_INDEX, operations }); - expect(response.errors).to.eql(false); - }, - }; + const findingsIndex = new EsIndexDataProvider(es, FINDINGS_INDEX); describe('Verify cloud_security_posture telemetry payloads', function () { // security_exception: action [indices:admin/create] is unauthorized for user [elastic] with effective roles [superuser] on restricted indices [.fleet-actions-7], this action is granted by the index privileges [create_index,manage,all] @@ -95,22 +79,11 @@ export default function ({ getService }: FtrProviderContext) { internalRequestHeader ); - log.debug('Check CSP plugin is initialized'); - await retry.try(async () => { - const supertestAdminWithHttpHeaderV1 = await roleScopedSupertest.getSupertestWithRoleScope( - 'admin', - { - useCookieHeader: true, - withInternalHeaders: true, - withCustomHeaders: { [ELASTIC_HTTP_VERSION_HEADER]: '1' }, - } - ); - const response = await supertestAdminWithHttpHeaderV1 - .get('/internal/cloud_security_posture/status?check=init') - .expect(200); - expect(response.body).to.eql({ isPluginInitialized: true }); - log.debug('CSP plugin is initialized'); + const supertestAdmin = await roleScopedSupertest.getSupertestWithRoleScope('admin', { + useCookieHeader: true, + withInternalHeaders: true, }); + await waitForPluginInitialized({ logger, retry, supertest: supertestAdmin }); }); after(async () => { 
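Review bot: The `supertestAdmin` built for `waitForPluginInitialized` drops `withCustomHeaders: { [ELASTIC_HTTP_VERSION_HEADER]: '1' }`, which the removed inline check set before calling `/internal/cloud_security_posture/status?check=init`. The helper's body is not part of this diff, so it is not visible whether it sets the version header itself; if it does not, the request goes out unversioned. Either confirm that in `utils.ts` or keep the option on the `getSupertestWithRoleScope` call.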
@@ -120,11 +93,11 @@ export default function ({ getService }: FtrProviderContext) { }); afterEach(async () => { - await index.remove(); + await findingsIndex.deleteAll(); }); it('includes only KSPM findings', async () => { - await index.add(telemetryMockData.kspmFindings); + await findingsIndex.addBulk(telemetryMockData.kspmFindings); const { body: [{ stats: apiResponse }], @@ -175,7 +148,7 @@ export default function ({ getService }: FtrProviderContext) { }); it('includes only CSPM findings', async () => { - await index.add(telemetryMockData.cspmFindings); + await findingsIndex.addBulk(telemetryMockData.cspmFindings); const { body: [{ stats: apiResponse }], @@ -218,8 +191,10 @@ export default function ({ getService }: FtrProviderContext) { }); it('includes CSPM and KSPM findings', async () => { - await index.add(telemetryMockData.kspmFindings); - await index.add(telemetryMockData.cspmFindings); + await findingsIndex.addBulk([ + ...telemetryMockData.kspmFindings, + ...telemetryMockData.cspmFindings, + ]); const { body: [{ stats: apiResponse }], @@ -294,7 +269,7 @@ export default function ({ getService }: FtrProviderContext) { }); it(`'includes only KSPM findings without posture_type'`, async () => { - await index.add(telemetryMockData.kspmFindingsNoPostureType); + await findingsIndex.addBulk(telemetryMockData.kspmFindingsNoPostureType); const { body: [{ stats: apiResponse }], @@ -346,8 +321,10 @@ export default function ({ getService }: FtrProviderContext) { }); it('includes KSPM findings without posture_type and CSPM findings as well', async () => { - await index.add(telemetryMockData.kspmFindingsNoPostureType); - await index.add(telemetryMockData.cspmFindings); + await findingsIndex.addBulk([ + ...telemetryMockData.kspmFindingsNoPostureType, + ...telemetryMockData.cspmFindings, + ]); const { body: [{ stats: apiResponse }],
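Review bot: `findingsIndex.addBulk(...)` overwrites `@timestamp` on every telemetry fixture, because `addBulk` defaults `overrideTimestamp` to `true`, whereas the removed `index.add` indexed each `doc` unchanged. If any of the `telemetryMockData` documents carries a timestamp the assertions depend on, pass the flag explicitly, e.g. `await findingsIndex.addBulk(telemetryMockData.kspmFindings, false);`. This applies to all five `addBulk` calls in these hunks.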