
[Security Solution] Integration tests for rule type field diff algorithms #193375

Merged
Expand Up @@ -47,6 +47,7 @@ import {
kqlQueryDiffAlgorithm,
eqlQueryDiffAlgorithm,
esqlQueryDiffAlgorithm,
ruleTypeDiffAlgorithm,
} from './algorithms';

const BASE_TYPE_ERROR = `Base version can't be of different rule type`;
Expand Down Expand Up @@ -212,7 +213,7 @@ const calculateCustomQueryFieldsDiff = (
};

const customQueryFieldsDiffAlgorithms: FieldsDiffAlgorithmsFor<DiffableCustomQueryFields> = {
type: simpleDiffAlgorithm,
type: ruleTypeDiffAlgorithm,
kql_query: kqlQueryDiffAlgorithm,
data_source: dataSourceDiffAlgorithm,
alert_suppression: simpleDiffAlgorithm,
Expand All @@ -225,7 +226,7 @@ const calculateSavedQueryFieldsDiff = (
};

const savedQueryFieldsDiffAlgorithms: FieldsDiffAlgorithmsFor<DiffableSavedQueryFields> = {
type: simpleDiffAlgorithm,
type: ruleTypeDiffAlgorithm,
kql_query: kqlQueryDiffAlgorithm,
data_source: dataSourceDiffAlgorithm,
alert_suppression: simpleDiffAlgorithm,
Expand All @@ -238,7 +239,7 @@ const calculateEqlFieldsDiff = (
};

const eqlFieldsDiffAlgorithms: FieldsDiffAlgorithmsFor<DiffableEqlFields> = {
type: simpleDiffAlgorithm,
type: ruleTypeDiffAlgorithm,
eql_query: eqlQueryDiffAlgorithm,
data_source: dataSourceDiffAlgorithm,
event_category_override: singleLineStringDiffAlgorithm,
Expand All @@ -254,7 +255,7 @@ const calculateEsqlFieldsDiff = (
};

const esqlFieldsDiffAlgorithms: FieldsDiffAlgorithmsFor<DiffableEsqlFields> = {
type: simpleDiffAlgorithm,
type: ruleTypeDiffAlgorithm,
esql_query: esqlQueryDiffAlgorithm,
alert_suppression: simpleDiffAlgorithm,
};
Expand All @@ -266,7 +267,7 @@ const calculateThreatMatchFieldsDiff = (
};

const threatMatchFieldsDiffAlgorithms: FieldsDiffAlgorithmsFor<DiffableThreatMatchFields> = {
type: simpleDiffAlgorithm,
type: ruleTypeDiffAlgorithm,
kql_query: kqlQueryDiffAlgorithm,
data_source: dataSourceDiffAlgorithm,
threat_query: kqlQueryDiffAlgorithm,
Expand All @@ -284,7 +285,7 @@ const calculateThresholdFieldsDiff = (
};

const thresholdFieldsDiffAlgorithms: FieldsDiffAlgorithmsFor<DiffableThresholdFields> = {
type: simpleDiffAlgorithm,
type: ruleTypeDiffAlgorithm,
kql_query: kqlQueryDiffAlgorithm,
data_source: dataSourceDiffAlgorithm,
threshold: simpleDiffAlgorithm,
Expand All @@ -299,7 +300,7 @@ const calculateMachineLearningFieldsDiff = (

const machineLearningFieldsDiffAlgorithms: FieldsDiffAlgorithmsFor<DiffableMachineLearningFields> =
{
type: simpleDiffAlgorithm,
type: ruleTypeDiffAlgorithm,
machine_learning_job_id: simpleDiffAlgorithm,
anomaly_threshold: numberDiffAlgorithm,
alert_suppression: simpleDiffAlgorithm,
Expand All @@ -312,7 +313,7 @@ const calculateNewTermsFieldsDiff = (
};

const newTermsFieldsDiffAlgorithms: FieldsDiffAlgorithmsFor<DiffableNewTermsFields> = {
type: simpleDiffAlgorithm,
type: ruleTypeDiffAlgorithm,
kql_query: kqlQueryDiffAlgorithm,
data_source: dataSourceDiffAlgorithm,
new_terms_fields: scalarArrayDiffAlgorithm,
Expand All @@ -336,5 +337,5 @@ const allFieldsDiffAlgorithms: FieldsDiffAlgorithmsFor<DiffableAllFields> = {
...thresholdFieldsDiffAlgorithms,
...machineLearningFieldsDiffAlgorithms,
...newTermsFieldsDiffAlgorithms,
type: simpleDiffAlgorithm,
type: ruleTypeDiffAlgorithm,
};
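Review bot: Nothing next to the `type` entries records why this one field gets a dedicated algorithm, and the entry is repeated by hand in all eight per-rule-type maps plus the trailing override in `allFieldsDiffAlgorithms`. Going by the updated test expectations elsewhere in this PR, `ruleTypeDiffAlgorithm` appears to report a rule type difference as a non-solvable conflict instead of merging it, which is what stops a prebuilt rule upgrade from silently switching a detection rule to another type; its implementation is not visible here. A map added later for a new rule type could fall back to `simpleDiffAlgorithm` unnoticed, so I would add a comment at the first map such as `// type must always use ruleTypeDiffAlgorithm: a rule type change has to surface as a conflict for manual review, never be auto-merged`. The maps are cut by collapsed context, so none of them is shown in full.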
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ export default ({ loadTestFile }: FtrProviderContext): void => {
loadTestFile(require.resolve('./upgrade_prebuilt_rules'));
loadTestFile(require.resolve('./upgrade_prebuilt_rules_with_historical_versions'));
loadTestFile(require.resolve('./fleet_integration'));
loadTestFile(require.resolve('./upgrade_review_prebuilt_rules.rule_type_fields'));
loadTestFile(require.resolve('./upgrade_review_prebuilt_rules.number_fields'));
loadTestFile(require.resolve('./upgrade_review_prebuilt_rules.single_line_string_fields'));
loadTestFile(require.resolve('./upgrade_review_prebuilt_rules.scalar_array_fields'));
Expand Up @@ -199,12 +199,12 @@ export default ({ getService }: FtrProviderContext): void => {
});

expect(reviewResponse.rules[0].diff.num_fields_with_updates).toBe(1); // `version` is considered an updated field
expect(reviewResponse.rules[0].diff.num_fields_with_conflicts).toBe(0);
expect(reviewResponse.rules[0].diff.num_fields_with_non_solvable_conflicts).toBe(0);
expect(reviewResponse.rules[0].diff.num_fields_with_conflicts).toBe(1); // `type` is considered to be a conflict
expect(reviewResponse.rules[0].diff.num_fields_with_non_solvable_conflicts).toBe(1);

expect(reviewResponse.stats.num_rules_to_upgrade_total).toBe(1);
expect(reviewResponse.stats.num_rules_with_conflicts).toBe(0);
expect(reviewResponse.stats.num_rules_with_non_solvable_conflicts).toBe(0);
expect(reviewResponse.stats.num_rules_with_conflicts).toBe(1);
expect(reviewResponse.stats.num_rules_with_non_solvable_conflicts).toBe(1);
});
});

Expand Down Expand Up @@ -273,12 +273,12 @@ export default ({ getService }: FtrProviderContext): void => {
});

expect(reviewResponse.rules[0].diff.num_fields_with_updates).toBe(1); // `version` is considered an updated field
expect(reviewResponse.rules[0].diff.num_fields_with_conflicts).toBe(0);
expect(reviewResponse.rules[0].diff.num_fields_with_non_solvable_conflicts).toBe(0);
expect(reviewResponse.rules[0].diff.num_fields_with_conflicts).toBe(1); // `type` is considered to be a conflict
expect(reviewResponse.rules[0].diff.num_fields_with_non_solvable_conflicts).toBe(1);

expect(reviewResponse.stats.num_rules_to_upgrade_total).toBe(1);
expect(reviewResponse.stats.num_rules_with_conflicts).toBe(0);
expect(reviewResponse.stats.num_rules_with_non_solvable_conflicts).toBe(0);
expect(reviewResponse.stats.num_rules_with_conflicts).toBe(1);
expect(reviewResponse.stats.num_rules_with_non_solvable_conflicts).toBe(1);
});
});
});
Expand Down Expand Up @@ -611,9 +611,9 @@ export default ({ getService }: FtrProviderContext): void => {
has_base_version: true,
});

expect(reviewResponse.rules[0].diff.num_fields_with_updates).toBe(2); // `version` is considered an updated field
expect(reviewResponse.rules[0].diff.num_fields_with_conflicts).toBe(1);
expect(reviewResponse.rules[0].diff.num_fields_with_non_solvable_conflicts).toBe(1);
expect(reviewResponse.rules[0].diff.num_fields_with_updates).toBe(2); // `version` is also considered an updated field
expect(reviewResponse.rules[0].diff.num_fields_with_conflicts).toBe(2); // `type` is also considered to be a conflict
expect(reviewResponse.rules[0].diff.num_fields_with_non_solvable_conflicts).toBe(2);

expect(reviewResponse.stats.num_rules_to_upgrade_total).toBe(1);
expect(reviewResponse.stats.num_rules_with_conflicts).toBe(1);
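Review bot: The updated expectations only check totals (`num_fields_with_conflicts`, `num_fields_with_non_solvable_conflicts`), so they would still pass if the extra conflict came from some field other than `type`. Since the point of the change is that a rule type difference is surfaced for manual review, each of the three cases should also assert that the `type` entry in the returned diff is the one carrying the non-solvable conflict. In the first two hunks `num_fields_with_updates` stays at 1 with only `version` named while `type` is now counted as a conflict; if that is intended, a short comment saying why a conflicting field is not also counted as an update would help. The test bodies start outside the hunks, so the setup is not visible here.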