[Security Solution] Tests for prebuilt rule import/export workflow

[banderror]

Epics: https://github.com/elastic/security-team/issues/1974 (internal), #174168

Summary

Write test plans (one or a few) and create a comprehensive suite of automated tests for the workflow of exporting and importing prebuilt rules.

Please note that test plans for prebuilt rule export and import have been already written in #191116, and there is already test coverage for that. What I would like us to do is to review the existing plans, the tests, compare them with the cases described in the RFC, think about any other edge cases, audit the existing plans and coverage, and add anything that's missing.

Features to cover:

• Export
  • Exporting custom, prebuilt customized, and prebuilt non-customized rules
  • Exporting from the Rule Details page
  • Exporting from the Rule Management page (single and bulk export)
• Import
  • Importing custom, prebuilt customized, and prebuilt non-customized rules
  • Importing from the Rule Management page
  • Importing when prebuilt rules are not installed yet
  • Importing when prebuilt rules are already installed
  • Importing current versions, older versions, newer versions, non-existing versions (edge cases)
  • Importing rules with known and unknown rule_id's (edge cases)
  • Converting custom rules to prebuilt rules on upgrade (edge case)

Please cover both the features under the feature flag turned ON and OFF.

Related tickets

Related functional tickets to cover with tests:

• [Security Solution] Allow exporting prebuilt rules at the API level #180167
• [Security Solution] Allow importing prebuilt rules at the API level #180168
• [Security Solution] Support exporting prebuilt rules from the Rule Management page #180173
• [Security Solution] Support exporting prebuilt rules from the Rule Details page #180176

Related bugs to cover with tests:

• [Security Solution] Users can import custom rules with rule_id equal to that of a not-installed prebuilt rule #180198
• Anything else from Milestone 3 bugs under the corresponding section

TODO

• Come up with a plan for working on this ticket and share with the team
• Test plans
  • PR link
• Test coverage
  • PR link

[elasticmachine]

Pinging @elastic/security-solution (Team: SecuritySolution)

[elasticmachine]

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)

[elasticmachine]

Pinging @elastic/security-detections-response (Team:Detections and Resp)

[banderror]

@jpdjere Please check this ticket and prioritize working on it after #202078. Before writing any tests and test plans, review what we already have and try to plan your work and share the plan with me and the team, so we could give feedback on the scope, approach, etc.

[banderror]

cc @pborgonovi

[banderror]

@jpdjere Just FYI that we discussed with the team that @dplumlee could work on it and would probably start working on it sooner. Reassigned the ticket to Davis.