Skip to content

Commit

Permalink
[Security Solutions][Detection Engine] Fixes cypress errors by using …
Browse files Browse the repository at this point in the history 
…latest signals mapping (#84600) (#85209)

## Summary

Fixes issues within Cypress whenever developers would re-run tests they could become blocked as some of the tests cause a migration/roll over of the signals.
 
To reproduce the error off of master:

Start Cypress 
```ts
cd ./kibana/x-pack/plugins/security_solution
yarn cypress:open-as-ci
```

Then run the export test twice. The first time it will run ok. The second time the test will refuse to run.

<img width="585" alt="Screen Shot 2020-11-30 at 1 57 24 PM" src="https://user-images.githubusercontent.com/1151048/100683706-2233c200-3336-11eb-949f-48f86e884d8b.png">

The second time that you run the test you will get these errors from Cypress and will be blocked until you do workarounds such as logging into `https://localhost:5620` and manually changing the indexes manually or restarting Cypress altogether.
<img width="1067" alt="Screen Shot 2020-11-30 at 6 05 07 PM" src="https://user-images.githubusercontent.com/1151048/100683945-9a9a8300-3336-11eb-9d49-187dee4fc1dc.png">

What is going on with the errors is that a migration is occurring since the existing signals mapping for the tests are not the newer migrated version and these are creating a new index named `.siem-signals-default-0000002` like so:
<img width="1242" alt="Screen Shot 2020-11-30 at 1 57 12 PM" src="https://user-images.githubusercontent.com/1151048/100684145-fcf38380-3336-11eb-8fe1-b29d3462a1ae.png">

This index is not being cleaned up and when the next time we do an es_archive load we are marking two indexes as being writable


file: x-pack/test/security_solution_cypress/es_archives/alerts/mappings.json
```ts
".siem-signals-default": {
  "is_write_index": true
  }
},
"index": ".siem-signals-default-000001",
```

which leads to the stack trace and the Cypress errors on the front end:

```ts
MacBook-Pro.local] path: /.siem-signals-default-000001, params: {index=.siem-signals-default-000001}
     │      java.lang.IllegalStateException: alias [.siem-signals-default] has more than one write index [.siem-signals-default-000002,.siem-signals-default-000001]
     │          at org.elasticsearch.cluster.metadata.IndexAbstraction$Alias.computeAndValidateAliasProperties(IndexAbstraction.java:276) ~[elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
```

This fixes that by updating the mapping and migration number. Each time we migrate/change the signals mapping we will have to perform a PR like this to update each location.

At the moment this is 5 different locations we have to update with the latest mappings.

### Checklist

- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
  • Loading branch information
@FrankHassanabad @kibanamachine
FrankHassanabad and kibanamachine authored Dec 8, 2020
1 parent e564439 commit e5e8ca3
Show file tree
Hide file tree
Showing 5 changed files with 6,791 additions and 4,666 deletions.
Loading

0 comments on commit e5e8ca3

Please sign in to comment.