[Security Solution] Integration tests for rule type field diff algo…

…rithms (elastic#193375) ## Summary Completes elastic#190482 Switches rule `type` field to use the implemented diff algorithms assigned to them in elastic#193369 Adds integration tests in accordance to elastic#193372 for the `upgrade/_review` API endpoint for the rule `type` field diff algorithm. Also fixes some nested bracket misalignment that occurred in earlier PRs with some test files ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
kapral18 · Oct 8, 2024 · e119d83 · e119d83
1 parent 1053493
commit e119d83
Show file tree

Hide file tree

Showing 8 changed files with 1,045 additions and 681 deletions.
diff --git a/.../lib/detection_engine/prebuilt_rules/logic/diff/calculation/calculate_rule_fields_diff.ts b/.../lib/detection_engine/prebuilt_rules/logic/diff/calculation/calculate_rule_fields_diff.ts
@@ -47,6 +47,7 @@ import {
   kqlQueryDiffAlgorithm,
   eqlQueryDiffAlgorithm,
   esqlQueryDiffAlgorithm,
+  ruleTypeDiffAlgorithm,
 } from './algorithms';
 
 const BASE_TYPE_ERROR = `Base version can't be of different rule type`;
@@ -212,7 +213,7 @@ const calculateCustomQueryFieldsDiff = (
 };
 
 const customQueryFieldsDiffAlgorithms: FieldsDiffAlgorithmsFor<DiffableCustomQueryFields> = {
-  type: simpleDiffAlgorithm,
+  type: ruleTypeDiffAlgorithm,
   kql_query: kqlQueryDiffAlgorithm,
   data_source: dataSourceDiffAlgorithm,
   alert_suppression: simpleDiffAlgorithm,
@@ -225,7 +226,7 @@ const calculateSavedQueryFieldsDiff = (
 };
 
 const savedQueryFieldsDiffAlgorithms: FieldsDiffAlgorithmsFor<DiffableSavedQueryFields> = {
-  type: simpleDiffAlgorithm,
+  type: ruleTypeDiffAlgorithm,
   kql_query: kqlQueryDiffAlgorithm,
   data_source: dataSourceDiffAlgorithm,
   alert_suppression: simpleDiffAlgorithm,
@@ -238,7 +239,7 @@ const calculateEqlFieldsDiff = (
 };
 
 const eqlFieldsDiffAlgorithms: FieldsDiffAlgorithmsFor<DiffableEqlFields> = {
-  type: simpleDiffAlgorithm,
+  type: ruleTypeDiffAlgorithm,
   eql_query: eqlQueryDiffAlgorithm,
   data_source: dataSourceDiffAlgorithm,
   event_category_override: singleLineStringDiffAlgorithm,
@@ -254,7 +255,7 @@ const calculateEsqlFieldsDiff = (
 };
 
 const esqlFieldsDiffAlgorithms: FieldsDiffAlgorithmsFor<DiffableEsqlFields> = {
-  type: simpleDiffAlgorithm,
+  type: ruleTypeDiffAlgorithm,
   esql_query: esqlQueryDiffAlgorithm,
   alert_suppression: simpleDiffAlgorithm,
 };
@@ -266,7 +267,7 @@ const calculateThreatMatchFieldsDiff = (
 };
 
 const threatMatchFieldsDiffAlgorithms: FieldsDiffAlgorithmsFor<DiffableThreatMatchFields> = {
-  type: simpleDiffAlgorithm,
+  type: ruleTypeDiffAlgorithm,
   kql_query: kqlQueryDiffAlgorithm,
   data_source: dataSourceDiffAlgorithm,
   threat_query: kqlQueryDiffAlgorithm,
@@ -284,7 +285,7 @@ const calculateThresholdFieldsDiff = (
 };
 
 const thresholdFieldsDiffAlgorithms: FieldsDiffAlgorithmsFor<DiffableThresholdFields> = {
-  type: simpleDiffAlgorithm,
+  type: ruleTypeDiffAlgorithm,
   kql_query: kqlQueryDiffAlgorithm,
   data_source: dataSourceDiffAlgorithm,
   threshold: simpleDiffAlgorithm,
@@ -299,7 +300,7 @@ const calculateMachineLearningFieldsDiff = (
 
 const machineLearningFieldsDiffAlgorithms: FieldsDiffAlgorithmsFor<DiffableMachineLearningFields> =
   {
-    type: simpleDiffAlgorithm,
+    type: ruleTypeDiffAlgorithm,
     machine_learning_job_id: simpleDiffAlgorithm,
     anomaly_threshold: numberDiffAlgorithm,
     alert_suppression: simpleDiffAlgorithm,
@@ -312,7 +313,7 @@ const calculateNewTermsFieldsDiff = (
 };
 
 const newTermsFieldsDiffAlgorithms: FieldsDiffAlgorithmsFor<DiffableNewTermsFields> = {
-  type: simpleDiffAlgorithm,
+  type: ruleTypeDiffAlgorithm,
   kql_query: kqlQueryDiffAlgorithm,
   data_source: dataSourceDiffAlgorithm,
   new_terms_fields: scalarArrayDiffAlgorithm,
@@ -336,5 +337,5 @@ const allFieldsDiffAlgorithms: FieldsDiffAlgorithmsFor<DiffableAllFields> = {
   ...thresholdFieldsDiffAlgorithms,
   ...machineLearningFieldsDiffAlgorithms,
   ...newTermsFieldsDiffAlgorithms,
-  type: simpleDiffAlgorithm,
+  type: ruleTypeDiffAlgorithm,
 };
diff --git a/..._response/rules_management/prebuilt_rules/management/trial_license_complete_tier/index.ts b/..._response/rules_management/prebuilt_rules/management/trial_license_complete_tier/index.ts
@@ -17,6 +17,7 @@ export default ({ loadTestFile }: FtrProviderContext): void => {
     loadTestFile(require.resolve('./upgrade_prebuilt_rules'));
     loadTestFile(require.resolve('./upgrade_prebuilt_rules_with_historical_versions'));
     loadTestFile(require.resolve('./fleet_integration'));
+    loadTestFile(require.resolve('./upgrade_review_prebuilt_rules.rule_type_fields'));
     loadTestFile(require.resolve('./upgrade_review_prebuilt_rules.number_fields'));
     loadTestFile(require.resolve('./upgrade_review_prebuilt_rules.single_line_string_fields'));
     loadTestFile(require.resolve('./upgrade_review_prebuilt_rules.scalar_array_fields'));

diff --git a/.../management/trial_license_complete_tier/upgrade_review_prebuilt_rules.kql_query_fields.ts b/.../management/trial_license_complete_tier/upgrade_review_prebuilt_rules.kql_query_fields.ts
@@ -199,12 +199,12 @@ export default ({ getService }: FtrProviderContext): void => {
             });
 
             expect(reviewResponse.rules[0].diff.num_fields_with_updates).toBe(1); // `version` is considered an updated field
-            expect(reviewResponse.rules[0].diff.num_fields_with_conflicts).toBe(0);
-            expect(reviewResponse.rules[0].diff.num_fields_with_non_solvable_conflicts).toBe(0);
+            expect(reviewResponse.rules[0].diff.num_fields_with_conflicts).toBe(1); // `type` is considered to be a conflict
+            expect(reviewResponse.rules[0].diff.num_fields_with_non_solvable_conflicts).toBe(1);
 
             expect(reviewResponse.stats.num_rules_to_upgrade_total).toBe(1);
-            expect(reviewResponse.stats.num_rules_with_conflicts).toBe(0);
-            expect(reviewResponse.stats.num_rules_with_non_solvable_conflicts).toBe(0);
+            expect(reviewResponse.stats.num_rules_with_conflicts).toBe(1);
+            expect(reviewResponse.stats.num_rules_with_non_solvable_conflicts).toBe(1);
           });
         });
 
@@ -273,12 +273,12 @@ export default ({ getService }: FtrProviderContext): void => {
             });
 
             expect(reviewResponse.rules[0].diff.num_fields_with_updates).toBe(1); // `version` is considered an updated field
-            expect(reviewResponse.rules[0].diff.num_fields_with_conflicts).toBe(0);
-            expect(reviewResponse.rules[0].diff.num_fields_with_non_solvable_conflicts).toBe(0);
+            expect(reviewResponse.rules[0].diff.num_fields_with_conflicts).toBe(1); // `type` is considered to be a conflict
+            expect(reviewResponse.rules[0].diff.num_fields_with_non_solvable_conflicts).toBe(1);
 
             expect(reviewResponse.stats.num_rules_to_upgrade_total).toBe(1);
-            expect(reviewResponse.stats.num_rules_with_conflicts).toBe(0);
-            expect(reviewResponse.stats.num_rules_with_non_solvable_conflicts).toBe(0);
+            expect(reviewResponse.stats.num_rules_with_conflicts).toBe(1);
+            expect(reviewResponse.stats.num_rules_with_non_solvable_conflicts).toBe(1);
           });
         });
       });
@@ -611,9 +611,9 @@ export default ({ getService }: FtrProviderContext): void => {
               has_base_version: true,
             });
 
-            expect(reviewResponse.rules[0].diff.num_fields_with_updates).toBe(2); // `version` is considered an updated field
-            expect(reviewResponse.rules[0].diff.num_fields_with_conflicts).toBe(1);
-            expect(reviewResponse.rules[0].diff.num_fields_with_non_solvable_conflicts).toBe(1);
+            expect(reviewResponse.rules[0].diff.num_fields_with_updates).toBe(2); // `version` is also considered an updated field
+            expect(reviewResponse.rules[0].diff.num_fields_with_conflicts).toBe(2); // `type` is also considered to be a conflict
+            expect(reviewResponse.rules[0].diff.num_fields_with_non_solvable_conflicts).toBe(2);
 
             expect(reviewResponse.stats.num_rules_to_upgrade_total).toBe(1);
             expect(reviewResponse.stats.num_rules_with_conflicts).toBe(1);