[SIEM][Detection Engine] Backend end-to-end tests #57166
Conversation
FrankHassanabad
changed the title
|
Pinging @elastic/siem (Team:SIEM) |
There was a problem hiding this comment.
Submitting these comments as general feedback. I'll defer to @dhurley14 for approval of the e2e tests as I mainly reviewed the errors changes, and nothing I saw seemed blocking.
| @@ -30,12 +29,6 @@ import { KibanaRequest } from '../../../../../../../../../src/core/server'; | |||
|
|
|||
| type PromiseFromStreams = ImportRuleAlertRest | Error; | |||
|
|
|||
| /* | |||
| * We were getting some error like that possible EventEmitter memory leak detected | |||
| * So we decide to batch the update by 10 to avoid any complication in the node side | |||
There was a problem hiding this comment.
Is this no longer relevant to that constant? If not, do we still need the constant?
There was a problem hiding this comment.
I think we do as that acts as a throttle for how many to send at a time.
There was a problem hiding this comment.
I just took the comments of this out of the file as I did not feel it was appropriate anymore as that EventEmitter issue is a global warning and does not have anything to do with any particular section of code such as this. (I get it at startup now)
x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/utils.ts
Outdated
Show resolved
Hide resolved
x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/utils.ts
Outdated
Show resolved
Hide resolved
| @@ -42,11 +41,22 @@ export const createReadIndexRoute = (server: ServerFacade): Hapi.ServerRoute => | |||
| if (request.method.toLowerCase() === 'head') { | |||
| return headers.response().code(404); | |||
| } else { | |||
| return new Boom('index for this space does not exist', { statusCode: 404 }); | |||
| return headers | |||
There was a problem hiding this comment.
In NP, this is going to look like:
return response.notFound({ body: 'message' });
// OR
return response.notFound({
body: {
message: 'message',
attributes: {
other: 'stuff',
},
},
});
// OR
return response.customError({
statusCode: 404,
body: {
message: 'message',
attributes: {
other: 'stuff',
},
},
});so these are all going to have to change again. I don't think it's worthwhile to put these in a helper or anything, but just an FYI in case it might inform future decisions.
There was a problem hiding this comment.
Is any of that available yet for the back-port 7.6.1 or no?
If not, we can change again after this is merged for 7.x and master to move forward and hopefully not get many other bug fixes for 7.6.1
There was a problem hiding this comment.
It's available on NP (we're using it for our graphQL stuff), but detections routes are still blocked until we can access the alerting client from NP.
x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/delete_rules_bulk_route.ts
Show resolved
Hide resolved
| @@ -166,7 +164,7 @@ export const createImportRulesRoute = (server: ServerFacade): Hapi.ServerRoute = | |||
| alertsClient, | |||
| actionsClient, | |||
| description, | |||
| enabled: false, | |||
| enabled, | |||
There was a problem hiding this comment.
We are allowing rules to be enabled on import now? Just an observation.
There was a problem hiding this comment.
Yes, I don't know when this bug was introduced.
If you think about it, it would be a bug and not a feature because when I decide to do an import with "overwrite" set to true and then see all of my current running rules suddenly being disabled I would immediately look at my exported file and notice that the ones I wanted to be turned on are actually turned on in the file I am trying to import. I would begin to wonder why the import feature is turning off my rules when I put into the import file that I wanted to have some of them enabled when I do an import.
Perhaps I am writing automation scripts to import rules between spaces using the API (for example) and need the import to do as it is told exactly. Maybe I am changing the rules before importing through python scripts, etc... At that point I need the import to do exactly as it is told to do.
If we want the user to think about which rules they want to be enabled or disabled or to warn them (at some point) that they have exported rules that are enabled it would be on the export feature that we would warn them and ask them if they want to disable all of the rules before exporting them and add a query parameter to the export to support that. Where the rules are not disabled in their environment runtime but rather have enabled: false when exported as a connivence for them.
Then their ndjson file would be a "source of truth" on import and the import would work ok and if they're versioning their saved ndjson files they have confidence they work as they are see in their github repo's.
If they come back to us with this change and tell us they were expecting that imported rules that have enabled: true to actually all be enabled: false on forums, the fix is for them to just open their imports and change them all to be false or to disable the rules before exporting which I think is the correct path forward.
| @@ -160,7 +160,7 @@ export const deleteRules = async ({ ids }: DeleteRulesProps): Promise<Array<Rule | |||
| const response = await KibanaServices.get().http.fetch<Rule[]>( | |||
| `${DETECTION_ENGINE_RULES_URL}/_bulk_delete`, | |||
| { | |||
| method: 'PUT', | |||
| method: 'DELETE', | |||
There was a problem hiding this comment.
Looks like I had forgot to update this verb as part of #54521 -- thanks for this cleanup! 🙂
💚 Build SucceededHistory
To update your PR or re-run it, just comment with: |
) * [SIEM][Detection Engine] Backend end-to-end tests * Adds end to end integration tests * Fixes a bug with import where on imports it was forcing all rules that were being imported to be set to be "enabled: false" instead of honoring what the original export has set for its enabled. * Adds a few "to be safe" await block so that the front end does not get a race condition within the bulk deletes and other parts of the code. * Fixes `statusCode` to be `status_code` and removes most of the Hapi Boomer errors * Changes PUT to be PATCH for partial updates * Adds true updates with PUT * Put some TODO blocks around existing bugs found in the API in the e2e tests that we might have time to get to or might not. This will let others maintaining the tests know that once they fix the bug they should update the end to end test to change the behavior. Testing this: Go to the latest CI logs and look for any particular lines from the test executing such as: ```ts should set the response content types to be expected ``` Also run this manually on your machine through this command: ```ts node scripts/functional_tests --config x-pack/test/detection_engine_api_integration/security_and_spaces/config.ts ``` Change a test manually and re-run the above command to watch something fail. Screen shot of what you should see on the CI machine when these are running: <img width="1825" alt="Screen Shot 2020-02-08 at 10 15 21 AM" src="https://user-images.githubusercontent.com/1151048/74089355-ae9a8e80-4a5d-11ea-9050-86e68d7e3bba.png"> Delete any items that are not applicable to this PR. ~~- [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md)~~ ~~- [ ] [Documentation](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#writing-documentation) was added for features that require explanation or tutorials~~ - [x] [Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios ~~- [ ] This was checked for [keyboard-only and screenreader accessibility](https://developer.mozilla.org/en-US/docs/Learn/Tools_and_testing/Cross_browser_testing/Accessibility#Accessibility_testing_checklist)~~ ~~- [ ] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server)~~ ~~- [ ] This was checked for cross-browser compatibility, [including a check against IE11](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility)~~ - [x] This was checked for breaking API changes and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process) * Removed key not used for end to end tests for 7.6 Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Summary
statusCodeto bestatus_codeand removes most of the Hapi Boomer errorsTesting this:
Go to the latest CI logs and look for any particular lines from the test executing such as:
Also run this manually on your machine through this command:
Change a test manually and re-run the above command to watch something fail.
Screen shot of what you should see on the CI machine when these are running:
Checklist
Delete any items that are not applicable to this PR.
- [ ] Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n support- [ ] Documentation was added for features that require explanation or tutorials- [ ] This was checked for keyboard-only and screenreader accessibility- [ ] This renders correctly on smaller devices using a responsive layout. (You can test this in your browser- [ ] This was checked for cross-browser compatibility, including a check against IE11For maintainers