[SecuritySolution] Revert defend-workflows integration tests

.buildkite/ftr_configs.yml

@@ -13,10 +13,8 @@ disabled:
   - x-pack/test/security_solution_api_integration/config/ess/config.base.basic.ts
   - x-pack/test/security_solution_api_integration/config/serverless/config.base.ts
   - x-pack/test/security_solution_api_integration/config/serverless/config.base.essentials.ts
-  - x-pack/test/security_solution_api_integration/test_suites/security_solution_endpoint/configs/config.base.ts
   - x-pack/test/security_solution_api_integration/test_suites/security_solution_endpoint_api_int/configs/config.base.ts
-  - x-pack/test/security_solution_endpoint/config.base.ts
-  - x-pack/test/security_solution_endpoint_api_int/config.base.ts
+  - x-pack/test/security_solution_endpoint/configs/config.base.ts
 
   # QA suites that are run out-of-band
   - x-pack/test/stack_functional_integration/configs/config.stack_functional_integration_base.js
@@ -408,6 +406,10 @@ enabled:
   - x-pack/test/security_functional/insecure_cluster_warning.config.ts
   - x-pack/test/security_functional/user_profiles.config.ts
   - x-pack/test/security_functional/expired_session.config.ts
+  - x-pack/test/security_solution_endpoint/configs/endpoint.config.ts
+  - x-pack/test/security_solution_endpoint/configs/serverless.endpoint.config.ts
+  - x-pack/test/security_solution_endpoint/configs/integrations.config.ts
+  - x-pack/test/security_solution_endpoint/configs/serverless.integrations.config.ts
   - x-pack/test/session_view/basic/config.ts
   - x-pack/test/spaces_api_integration/security_and_spaces/config_basic.ts
   - x-pack/test/spaces_api_integration/security_and_spaces/copy_to_space_config_basic.ts
@@ -580,7 +582,3 @@ enabled:
   - x-pack/test/security_solution_api_integration/test_suites/sources/indices/trial_license_complete_tier/configs/serverless.config.ts
   - x-pack/test/security_solution_api_integration/test_suites/security_solution_endpoint_api_int/configs/config.ts
   - x-pack/test/security_solution_api_integration/test_suites/security_solution_endpoint_api_int/configs/serverless.config.ts
-  - x-pack/test/security_solution_api_integration/test_suites/security_solution_endpoint/configs/endpoint.config.ts
-  - x-pack/test/security_solution_api_integration/test_suites/security_solution_endpoint/configs/serverless.endpoint.config.ts
-  - x-pack/test/security_solution_api_integration/test_suites/security_solution_endpoint/configs/integrations.config.ts
-  - x-pack/test/security_solution_api_integration/test_suites/security_solution_endpoint/configs/serverless.integrations.config.ts

.github/CODEOWNERS

@@ -1617,7 +1617,7 @@ x-pack/test/security_solution_cypress/cypress/tasks/expandable_flyout  @elastic/
 /x-pack/plugins/security_solution/server/lib/license/ @elastic/security-defend-workflows
 /x-pack/plugins/security_solution/server/fleet_integration/ @elastic/security-defend-workflows
 /x-pack/plugins/security_solution/scripts/endpoint/ @elastic/security-defend-workflows
-/x-pack/test/security_solution_api_integration/test_suites/security_solution_endpoint/ @elastic/security-defend-workflows
+/x-pack/test/security_solution_endpoint/ @elastic/security-defend-workflows
 /x-pack/test/security_solution_api_integration/test_suites/security_solution_endpoint_api_int/ @elastic/security-defend-workflows
 /x-pack/test_serverless/shared/lib/security/kibana_roles/ @elastic/security-defend-workflows
 /x-pack/plugins/security_solution_serverless/public/upselling/sections/endpoint_management @elastic/security-defend-workflows

x-pack/test/common/services/security_solution/endpoint_data_stream_helpers.ts

@@ -0,0 +1,145 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { Client } from '@elastic/elasticsearch';
+import { AGENTS_INDEX } from '@kbn/fleet-plugin/common';
+import {
+  alertsIndexPattern,
+  eventsIndexPattern,
+  METADATA_DATASTREAM,
+  METADATA_UNITED_INDEX,
+  metadataCurrentIndexPattern,
+  metadataIndexPattern,
+  policyIndexPattern,
+  telemetryIndexPattern,
+} from '@kbn/security-solution-plugin/common/endpoint/constants';
+
+export function SecuritySolutionEndpointDataStreamHelpers() {
+  function deleteDataStream(getService: (serviceName: 'es') => Client, index: string) {
+    const client = getService('es');
+    return client.transport.request(
+      {
+        method: 'DELETE',
+        path: `_data_stream/${index}`,
+      },
+      {
+        ignore: [404],
+      }
+    );
+  }
+
+  async function deleteAllDocsFromIndex(getService: (serviceName: 'es') => Client, index: string) {
+    const client = getService('es');
+    await client.deleteByQuery(
+      {
+        query: {
+          match_all: {},
+        },
+        index,
+        wait_for_completion: true,
+        refresh: true,
+      },
+      {
+        ignore: [404],
+      }
+    );
+  }
+
+  async function deleteIndex(getService: (serviceName: 'es') => Client, index: string) {
+    const client = getService('es');
+    await client.indices.delete({ index, ignore_unavailable: true });
+  }
+
+  async function deleteMetadataStream(getService: (serviceName: 'es') => Client) {
+    await deleteDataStream(getService, metadataIndexPattern);
+  }
+
+  async function deleteAllDocsFromMetadataDatastream(getService: (serviceName: 'es') => Client) {
+    await deleteAllDocsFromIndex(getService, METADATA_DATASTREAM);
+  }
+
+  async function deleteAllDocsFromMetadataCurrentIndex(getService: (serviceName: 'es') => Client) {
+    await deleteAllDocsFromIndex(getService, metadataCurrentIndexPattern);
+  }
+
+  async function deleteAllDocsFromMetadataUnitedIndex(getService: (serviceName: 'es') => Client) {
+    await deleteAllDocsFromIndex(getService, METADATA_UNITED_INDEX);
+  }
+
+  async function deleteEventsStream(getService: (serviceName: 'es') => Client) {
+    await deleteDataStream(getService, eventsIndexPattern);
+  }
+
+  async function deleteAlertsStream(getService: (serviceName: 'es') => Client) {
+    await deleteDataStream(getService, alertsIndexPattern);
+  }
+
+  async function deletePolicyStream(getService: (serviceName: 'es') => Client) {
+    await deleteDataStream(getService, policyIndexPattern);
+  }
+
+  async function deleteTelemetryStream(getService: (serviceName: 'es') => Client) {
+    await deleteDataStream(getService, telemetryIndexPattern);
+  }
+
+  function deleteAllDocsFromFleetAgents(getService: (serviceName: 'es') => Client) {
+    return deleteAllDocsFromIndex(getService, AGENTS_INDEX);
+  }
+
+  function stopTransform(getService: (serviceName: 'es') => Client, transformId: string) {
+    const client = getService('es');
+    const stopRequest = {
+      transform_id: transformId,
+      force: true,
+      wait_for_completion: true,
+      allow_no_match: true,
+    };
+    return client.transform.stopTransform(stopRequest);
+  }
+
+  async function startTransform(getService: (serviceName: 'es') => Client, transformId: string) {
+    const client = getService('es');
+    const transformsResponse = await client.transform.getTransform({
+      transform_id: `${transformId}*`,
+    });
+    return Promise.all(
+      transformsResponse.transforms.map((transform) => {
+        const t = transform as unknown as { id: string };
+        return client.transform.startTransform({ transform_id: t.id });
+      })
+    );
+  }
+
+  function bulkIndex(getService: (serviceName: 'es') => Client, index: string, docs: unknown[]) {
+    const operations = docs.flatMap((doc) => [{ create: { _index: index } }, doc]);
+    const client = getService('es');
+
+    return client.bulk({
+      index,
+      refresh: 'wait_for',
+      operations,
+    });
+  }
+
+  return {
+    deleteDataStream,
+    deleteAllDocsFromIndex,
+    deleteIndex,
+    deleteMetadataStream,
+    deleteAllDocsFromMetadataDatastream,
+    deleteAllDocsFromMetadataCurrentIndex,
+    deleteAllDocsFromMetadataUnitedIndex,
+    deleteEventsStream,
+    deleteAlertsStream,
+    deletePolicyStream,
+    deleteTelemetryStream,
+    deleteAllDocsFromFleetAgents,
+    stopTransform,
+    startTransform,
+    bulkIndex,
+  };
+}

x-pack/test/common/services/security_solution/endpoint_registry_helpers.ts

@@ -0,0 +1,84 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import path from 'path';
+
+import { defineDockerServersConfig } from '@kbn/test';
+import { dockerImage as ingestDockerImage } from '../../../fleet_api_integration/config.base';
+
+export function SecuritySolutionEndpointRegistryHelpers() {
+  /**
+   * This is used by CI to set the docker registry port
+   * you can also define this environment variable locally when running tests which
+   * will spin up a local docker package registry locally for you
+   * if this is defined it takes precedence over the `packageRegistryOverride` variable
+   */
+  const dockerRegistryPort: string | undefined = process.env.FLEET_PACKAGE_REGISTRY_PORT;
+
+  /**
+   * If you don't want to use the docker image version pinned below and instead want to run your own
+   * registry or use an external registry you can define this environment variable when running
+   * the tests to use that registry url instead.
+   *
+   * This is particularly useful when a developer needs to test a new package against the kibana
+   * integration or functional tests. Instead of having to publish a whole new docker image we
+   * can set this environment variable which will point to the location of where your package registry
+   * is serving the updated package.
+   *
+   * This variable will not and should not be used by CI. CI should always use the pinned docker image below.
+   */
+  const packageRegistryOverride: string | undefined = process.env.PACKAGE_REGISTRY_URL_OVERRIDE;
+
+  const defaultRegistryConfigPath = path.join(__dirname, './fixtures/package_registry_config.yml');
+
+  const getRegistryUrlFromTestEnv = () => {
+    let registryUrl: string | undefined;
+    if (dockerRegistryPort !== undefined) {
+      registryUrl = `--xpack.fleet.registryUrl=http://localhost:${dockerRegistryPort}`;
+    } else if (packageRegistryOverride !== undefined) {
+      registryUrl = `--xpack.fleet.registryUrl=${packageRegistryOverride}`;
+    }
+    return registryUrl;
+  };
+
+  const isRegistryEnabled = () => {
+    return getRegistryUrlFromTestEnv() !== undefined;
+  };
+
+  return {
+    createEndpointDockerConfig(
+      packageRegistryConfig: string = defaultRegistryConfigPath,
+      dockerImage: string = ingestDockerImage,
+      dockerArgs: string[] = []
+    ) {
+      const args: string[] = [
+        '-v',
+        `${packageRegistryConfig}:/package-registry/config.yml`,
+        ...dockerArgs,
+      ];
+      return defineDockerServersConfig({
+        registry: {
+          enabled: !!dockerRegistryPort,
+          image: dockerImage,
+          portInContainer: 8080,
+          port: dockerRegistryPort,
+          args,
+          waitForLogLine: 'package manifests loaded',
+          waitForLogLineTimeoutMs: 60 * 2 * 10000, // 2 minutes,
+        },
+      });
+    },
+
+    getRegistryUrlFromTestEnv,
+
+    getRegistryUrlAsArray(): string[] {
+      const registryUrl: string | undefined = getRegistryUrlFromTestEnv();
+      return registryUrl !== undefined ? [registryUrl] : [];
+    },
+
+    isRegistryEnabled,
+  };
+}

x-pack/test/common/services/security_solution/index.ts

@@ -6,3 +6,5 @@
  */
 
 export * from './roles_users_utils';
+export * from './endpoint_data_stream_helpers';
+export * from './endpoint_registry_helpers';