
[Cloud Security] Refactoring tests #195675

Merged
@@ -6,59 +6,13 @@
*/

import type { Agent as SuperTestAgent } from 'supertest';
import { Client } from '@elastic/elasticsearch';
import expect from '@kbn/expect';
import { ELASTIC_HTTP_VERSION_HEADER } from '@kbn/core-http-common';
import type { IndexDetails } from '@kbn/cloud-security-posture-common';
import { CLOUD_SECURITY_PLUGIN_VERSION } from '@kbn/cloud-security-posture-plugin/common/constants';
import { SecurityService } from '@kbn/ftr-common-functional-ui-services';
import { RoleCredentials } from '@kbn/ftr-common-functional-services';

export const deleteIndex = async (es: Client, indexToBeDeleted: string[]) => {
return Promise.all([
...indexToBeDeleted.map((indexes) =>
es.deleteByQuery({
index: indexes,
query: {
match_all: {},
},
ignore_unavailable: true,
refresh: true,
})
),
]);
};

export const bulkIndex = async <T>(es: Client, findingsMock: T[], indexName: string) => {
const operations = findingsMock.flatMap((finding) => [
{ create: { _index: indexName } }, // Action description
{
...finding,
'@timestamp': new Date().toISOString(),
}, // Data to index
]);

await es.bulk({
body: operations, // Bulk API expects 'body' for operations
refresh: true,
});
};

export const addIndex = async <T>(es: Client, findingsMock: T[], indexName: string) => {
await Promise.all([
...findingsMock.map((finding) =>
es.index({
index: indexName,
body: {
...finding,
'@timestamp': new Date().toISOString(),
},
refresh: true,
})
),
]);
};

export async function createPackagePolicy(
supertest: SuperTestAgent,
agentPolicyId: string,
@@ -13,16 +13,10 @@ import {
LATEST_FINDINGS_INDEX_DEFAULT_NS,
VULNERABILITIES_INDEX_DEFAULT_NS,
} from '@kbn/cloud-security-posture-plugin/common/constants';
import { EsIndexDataProvider } from '../../../../cloud_security_posture_api/utils';
import { generateAgent } from '../../../../fleet_api_integration/helpers';
import { FtrProviderContext } from '../../../ftr_provider_context';
import { deleteIndex, createPackagePolicy } from '../helper';

const INDEX_ARRAY = [
FINDINGS_INDEX_DEFAULT_NS,
LATEST_FINDINGS_INDEX_DEFAULT_NS,
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
VULNERABILITIES_INDEX_DEFAULT_NS,
];
import { createPackagePolicy } from '../helper';

const currentTimeMinusFourHours = new Date(Date.now() - 21600000).toISOString();
const currentTimeMinusTenMinutes = new Date(Date.now() - 600000).toISOString();
@@ -35,6 +29,13 @@ export default function (providerContext: FtrProviderContext) {
const esArchiver = getService('esArchiver');
const kibanaServer = getService('kibanaServer');
const fleetAndAgents = getService('fleetAndAgents');
const findingsIndex = new EsIndexDataProvider(es, FINDINGS_INDEX_DEFAULT_NS);
const latestFindingsIndex = new EsIndexDataProvider(es, LATEST_FINDINGS_INDEX_DEFAULT_NS);
const vulnerabilitiesIndex = new EsIndexDataProvider(es, VULNERABILITIES_INDEX_DEFAULT_NS);
const cdrVulnerabilitiesIndex = new EsIndexDataProvider(
es,
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN
);

describe('GET /internal/cloud_security_posture/status', () => {
let agentPolicyId: string;
@@ -84,12 +85,20 @@ export default function (providerContext: FtrProviderContext) {
.expect(200);
await generateAgent(providerContext, 'healthy', `Agent policy test 2`, agentPolicyId);

await deleteIndex(es, INDEX_ARRAY);
await findingsIndex.deleteAll();
await latestFindingsIndex.deleteAll();
await vulnerabilitiesIndex.deleteAll();
await cdrVulnerabilitiesIndex.deleteAll();
});

afterEach(async () => {
await kibanaServer.savedObjects.cleanStandardList();
await esArchiver.unload('x-pack/test/functional/es_archives/fleet/empty_fleet_server');

await findingsIndex.deleteAll();
await latestFindingsIndex.deleteAll();
await vulnerabilitiesIndex.deleteAll();
await cdrVulnerabilitiesIndex.deleteAll();
});

it(`Should return index-timeout when installed kspm, has findings only on logs-cloud_security_posture.findings-default* and it has been more than 10 minutes since the installation`, async () => {
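Review bot: The four sequential `deleteAll()` calls are repeated verbatim in the setup hook and in `afterEach`, so the two lists can drift apart when an index is added or dropped. The removed `deleteIndex` helper cleared every index in a single `Promise.all`; the same can be kept by collecting the providers once, `const indices = [findingsIndex, latestFindingsIndex, vulnerabilitiesIndex, cdrVulnerabilitiesIndex];`, and calling `await Promise.all(indices.map((i) => i.deleteAll()));` in both hooks. The same repetition appears in the two status test files that follow. The setup hook opens outside this hunk, so its name is inferred.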
@@ -8,28 +8,25 @@ import expect from '@kbn/expect';
import { ELASTIC_HTTP_VERSION_HEADER } from '@kbn/core-http-common';
import { CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN } from '@kbn/cloud-security-posture-common';
import type { CspSetupStatus } from '@kbn/cloud-security-posture-common';
import {
FINDINGS_INDEX_DEFAULT_NS,
LATEST_FINDINGS_INDEX_DEFAULT_NS,
VULNERABILITIES_INDEX_DEFAULT_NS,
} from '@kbn/cloud-security-posture-plugin/common/constants';
import { LATEST_FINDINGS_INDEX_DEFAULT_NS } from '@kbn/cloud-security-posture-plugin/common/constants';
import { FtrProviderContext } from '../../../ftr_provider_context';
import { deleteIndex, addIndex, createPackagePolicy } from '../helper';
import { EsIndexDataProvider } from '../../../../cloud_security_posture_api/utils';
import { createPackagePolicy } from '../helper';
import { findingsMockData, vulnerabilityMockData } from '../mock_data';

const INDEX_ARRAY = [
FINDINGS_INDEX_DEFAULT_NS,
LATEST_FINDINGS_INDEX_DEFAULT_NS,
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
VULNERABILITIES_INDEX_DEFAULT_NS,
];

export default function (providerContext: FtrProviderContext) {
const { getService } = providerContext;
const supertest = getService('supertest');
const es = getService('es');
const esArchiver = getService('esArchiver');
const kibanaServer = getService('kibanaServer');
const latestFindingsIndex = new EsIndexDataProvider(es, LATEST_FINDINGS_INDEX_DEFAULT_NS);
const latestVulnerabilitiesIndex = new EsIndexDataProvider(
es,
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN
);
const mock3PIndex = 'security_solution-mock-3p-integration.misconfiguration_latest';
const _3pIndex = new EsIndexDataProvider(es, mock3PIndex);

describe('GET /internal/cloud_security_posture/status', () => {
let agentPolicyId: string;
@@ -50,19 +47,21 @@ export default function (providerContext: FtrProviderContext) {

agentPolicyId = agentPolicyResponse.item.id;

await deleteIndex(es, INDEX_ARRAY);
await addIndex(es, findingsMockData, LATEST_FINDINGS_INDEX_DEFAULT_NS);
await addIndex(es, vulnerabilityMockData, CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN);
await latestFindingsIndex.deleteAll();
await latestVulnerabilitiesIndex.deleteAll();
await _3pIndex.deleteAll();
});

afterEach(async () => {
await deleteIndex(es, INDEX_ARRAY);
await latestFindingsIndex.deleteAll();
await latestVulnerabilitiesIndex.deleteAll();
await _3pIndex.deleteAll();
await kibanaServer.savedObjects.cleanStandardList();
await esArchiver.unload('x-pack/test/functional/es_archives/fleet/empty_fleet_server');
});

it(`Return hasMisconfigurationsFindings true when there are latest findings but no installed integrations`, async () => {
await addIndex(es, findingsMockData, LATEST_FINDINGS_INDEX_DEFAULT_NS);
await latestFindingsIndex.addBulk(findingsMockData);

const { body: res }: { body: CspSetupStatus } = await supertest
.get(`/internal/cloud_security_posture/status`)
@@ -77,9 +76,7 @@ export default function (providerContext: FtrProviderContext) {
});

it(`Return hasMisconfigurationsFindings true when there are only findings in third party index`, async () => {
await deleteIndex(es, INDEX_ARRAY);
const mock3PIndex = 'security_solution-mock-3p-integration.misconfiguration_latest';
await addIndex(es, findingsMockData, mock3PIndex);
await _3pIndex.addBulk(findingsMockData);

const { body: res }: { body: CspSetupStatus } = await supertest
.get(`/internal/cloud_security_posture/status`)
@@ -91,13 +88,9 @@ export default function (providerContext: FtrProviderContext) {
true,
`expected hasMisconfigurationsFindings to be true but got ${res.hasMisconfigurationsFindings} instead`
);

await deleteIndex(es, [mock3PIndex]);
});

it(`Return hasMisconfigurationsFindings false when there are no findings`, async () => {
await deleteIndex(es, INDEX_ARRAY);

const { body: res }: { body: CspSetupStatus } = await supertest
.get(`/internal/cloud_security_posture/status`)
.set(ELASTIC_HTTP_VERSION_HEADER, '1')
@@ -111,6 +104,8 @@ export default function (providerContext: FtrProviderContext) {
});

it(`Return kspm status indexed when logs-cloud_security_posture.findings_latest-default contains new kspm documents`, async () => {
await latestFindingsIndex.addBulk(findingsMockData);

await createPackagePolicy(
supertest,
agentPolicyId,
@@ -133,6 +128,8 @@ export default function (providerContext: FtrProviderContext) {
});

it(`Return cspm status indexed when logs-cloud_security_posture.findings_latest-default contains new cspm documents`, async () => {
await latestFindingsIndex.addBulk(findingsMockData);

await createPackagePolicy(
supertest,
agentPolicyId,
@@ -155,6 +152,8 @@ export default function (providerContext: FtrProviderContext) {
});

it(`Return vuln status indexed when logs-cloud_security_posture.vulnerabilities_latest-default contains new documents`, async () => {
await latestVulnerabilitiesIndex.addBulk(vulnerabilityMockData);

await createPackagePolicy(
supertest,
agentPolicyId,
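Review bot: `_3pIndex` is the only provider in this file named with a leading underscore, which usually marks an unused or private binding, while its siblings are `latestFindingsIndex` and `latestVulnerabilitiesIndex`. A descriptive name would read consistently, for example `const thirdPartyFindingsIndex = new EsIndexDataProvider(es, mock3PIndex);`. A short comment above `mock3PIndex` would also help the next reader, such as `// mock index standing in for a third-party integration's misconfiguration_latest data` (wording inferred from the index name and the test title).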
@@ -7,29 +7,23 @@
import expect from '@kbn/expect';
import { ELASTIC_HTTP_VERSION_HEADER } from '@kbn/core-http-common';
import type { CspSetupStatus } from '@kbn/cloud-security-posture-common';
import { CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN } from '@kbn/cloud-security-posture-common';
import {
FINDINGS_INDEX_DEFAULT_NS,
LATEST_FINDINGS_INDEX_DEFAULT_NS,
VULNERABILITIES_INDEX_DEFAULT_NS,
} from '@kbn/cloud-security-posture-plugin/common/constants';
import { FtrProviderContext } from '../../../ftr_provider_context';
import { deleteIndex, addIndex, createPackagePolicy } from '../helper';
import { EsIndexDataProvider } from '../../../../cloud_security_posture_api/utils';
import { createPackagePolicy } from '../helper';
import { findingsMockData, vulnerabilityMockData } from '../mock_data';

const INDEX_ARRAY = [
FINDINGS_INDEX_DEFAULT_NS,
LATEST_FINDINGS_INDEX_DEFAULT_NS,
CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN,
VULNERABILITIES_INDEX_DEFAULT_NS,
];

export default function (providerContext: FtrProviderContext) {
const { getService } = providerContext;
const supertest = getService('supertest');
const es = getService('es');
const esArchiver = getService('esArchiver');
const kibanaServer = getService('kibanaServer');
const findingsIndex = new EsIndexDataProvider(es, FINDINGS_INDEX_DEFAULT_NS);
const vulnerabilitiesIndex = new EsIndexDataProvider(es, VULNERABILITIES_INDEX_DEFAULT_NS);

describe('GET /internal/cloud_security_posture/status', () => {
let agentPolicyId: string;
@@ -49,18 +43,20 @@ export default function (providerContext: FtrProviderContext) {
});

agentPolicyId = agentPolicyResponse.item.id;
await deleteIndex(es, INDEX_ARRAY);
await addIndex(es, findingsMockData, FINDINGS_INDEX_DEFAULT_NS);
await addIndex(es, vulnerabilityMockData, VULNERABILITIES_INDEX_DEFAULT_NS);
await findingsIndex.deleteAll();
await vulnerabilitiesIndex.deleteAll();
});

afterEach(async () => {
await deleteIndex(es, INDEX_ARRAY);
await findingsIndex.deleteAll();
await vulnerabilitiesIndex.deleteAll();
await kibanaServer.savedObjects.cleanStandardList();
await esArchiver.unload('x-pack/test/functional/es_archives/fleet/empty_fleet_server');
});

it(`Return kspm status indexing when logs-cloud_security_posture.findings_latest-default doesn't contain new kspm documents, but has newly connected agents`, async () => {
await findingsIndex.addBulk(findingsMockData);

await createPackagePolicy(
supertest,
agentPolicyId,
@@ -83,6 +79,8 @@ export default function (providerContext: FtrProviderContext) {
});

it(`Return cspm status indexing when logs-cloud_security_posture.findings_latest-default doesn't contain new cspm documents, but has newly connected agents `, async () => {
await findingsIndex.addBulk(findingsMockData);

await createPackagePolicy(
supertest,
agentPolicyId,
@@ -105,6 +103,8 @@ export default function (providerContext: FtrProviderContext) {
});

it(`Return vuln status indexing when logs-cloud_security_posture.vulnerabilities_latest-default doesn't contain vuln new documents, but has newly connected agents`, async () => {
await vulnerabilitiesIndex.addBulk(vulnerabilityMockData);

await createPackagePolicy(
supertest,
agentPolicyId,
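Review bot: The setup hook and `afterEach` in this file now clear only `FINDINGS_INDEX_DEFAULT_NS` and `VULNERABILITIES_INDEX_DEFAULT_NS`, whereas the removed `deleteIndex(es, INDEX_ARRAY)` also emptied the two latest indices. Going by their titles, the three tests expect an `indexing` status that holds only while the `*_latest-default` indices contain no new documents, so they now rely on other suites having cleaned those indices. Consider keeping providers for the latest indices and clearing them in setup as well, `await latestFindingsIndex.deleteAll();` and `await latestVulnerabilitiesIndex.deleteAll();`, which means retaining the `LATEST_FINDINGS_INDEX_DEFAULT_NS` and `CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN` imports. The assertions themselves are outside the visible hunks.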
@@ -20,7 +20,6 @@ import {
createCSPOnlyRole,
deleteRole,
deleteUser,
deleteIndex,
assertIndexStatus,
} from '../helper';

@@ -32,7 +31,6 @@ export default function (providerContext: FtrProviderContext) {
const supertest = getService('supertest');
const supertestWithoutAuth = getService('supertestWithoutAuth');
const esArchiver = getService('esArchiver');
const es = getService('es');
const kibanaServer = getService('kibanaServer');
const security = getService('security');

@@ -171,7 +169,6 @@ export default function (providerContext: FtrProviderContext) {
});

it(`Return unprivileged when missing access to score index`, async () => {
await deleteIndex(es, [BENCHMARK_SCORE_INDEX_DEFAULT_NS]);
await createCSPOnlyRole(security, UNPRIVILEGED_ROLE, BENCHMARK_SCORE_INDEX_DEFAULT_NS);
await createUser(security, UNPRIVILEGED_USERNAME, UNPRIVILEGED_ROLE);

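--- a/x-pack/test/cloud_security_posture_api/utils.ts
+++ b/x-pack/test/cloud_security_posture_api/utils.ts
@@ -44,13 +44,16 @@ export class EsIndexDataProvider {
 this.index = index;
 }
 
-addBulk(docs: Array<Record<string, any>>, overrideTimestamp = true) {
+async addBulk(docs: Array<Record<string, any>>, overrideTimestamp = true) {
 const operations = docs.flatMap((doc) => [
 { index: { _index: this.index } },
 { ...doc, ...(overrideTimestamp ? { '@timestamp': new Date().toISOString() } : {}) },
 ]);
 
-return this.es.bulk({ refresh: 'wait_for', index: this.index, operations });
+const resp = await this.es.bulk({ refresh: 'wait_for', index: this.index, operations });
+expect(resp.errors).length(0, `Error in bulk indexing: ${JSON.stringify(resp)}`);
+
+return resp;
 }
 
 async deleteAll() {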
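Review bot: `expect(resp.errors).length(0, …)` treats `errors` as a collection, but the Elasticsearch bulk response reports `errors` as a boolean, so a length assertion cannot express "no item failed" and will presumably fail even when every document was indexed. Compare against the boolean instead, `expect(resp.errors).eql(false, ...)`, keeping the existing message argument. Which `expect` implementation the file imports is not visible in this hunk, so the exact matcher name should be checked against it. Since `addBulk` now throws on any per-item failure, a short doc comment stating that would help callers that used to inspect the returned response themselves.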