Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add endpoint exception creation API validation #71791

Merged
merged 1 commit into from
Jul 15, 2020
Merged

Add endpoint exception creation API validation #71791

merged 1 commit into from
Jul 15, 2020

Conversation

marshallmain
Copy link
Contributor

Summary

This PR adds validation that prevents any endpoint exceptions from being created on fields that we know won't work. It also prevents endpoint exceptions from being created with any list entries. Finally, it adds the first api integration tests for the lists plugin to test the new validation.

Checklist

Delete any items that are not applicable to this PR.

For maintainers

@marshallmain marshallmain added v8.0.0 release_note:skip Skip the PR/issue when compiling release notes Team:Endpoint Response Endpoint Response Team v7.9.0 labels Jul 14, 2020
@marshallmain marshallmain requested review from a team as code owners July 14, 2020 23:21
@elasticmachine
Copy link
Contributor

Pinging @elastic/endpoint-response (Team:Endpoint Response)

FrankHassanabad
FrankHassanabad approved these changes Jul 15, 2020
View reviewed changes
Copy link
Contributor

@FrankHassanabad FrankHassanabad left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the validation stuff.

@kibanamachine
Copy link
Contributor

💛 Build succeeded, but was flaky

Test Failures

Kibana Pipeline / kibana-xpack-agent / X-Pack Detection Engine API Integration Tests.x-pack/test/detection_engine_api_integration/security_and_spaces/tests/add_prepackaged_rules·ts.detection engine api security and spaces enabled add_prepackaged_rules creating prepackaged rules should be possible to call the API twice and the second time the number of rules installed should be zero

Link to Jenkins

Standard Out

Failed Tests Reporter:
  - Test has not failed recently on tracked branches

[00:00:00]       │
[00:00:00]         └-: detection engine api security and spaces enabled
[00:00:00]           └-> "before all" hook
[00:00:00]           └-: add_prepackaged_rules
[00:00:00]             └-> "before all" hook
[00:00:00]             └-: creating prepackaged rules
[00:00:00]               └-> "before all" hook
[00:00:00]               └-> should contain two output keys of rules_installed and rules_updated
[00:00:00]                 └-> "before each" hook: global before each
[00:00:00]                 └-> "before each" hook
[00:00:00]                   │ info [o.e.x.i.a.TransportPutLifecycleAction] [kibana-ci-immutable-ubuntu-18-tests-xl-1594768945554544304] adding index lifecycle policy [.siem-signals-default]
[00:00:00]                   │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-18-tests-xl-1594768945554544304] adding template [.siem-signals-default] for index patterns [.siem-signals-default-*]
[00:00:00]                   │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-ubuntu-18-tests-xl-1594768945554544304] [.siem-signals-default-000001] creating index, cause [api], templates [.siem-signals-default], shards [1]/[1]
[00:00:00]                   │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-18-tests-xl-1594768945554544304] moving index [.siem-signals-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.siem-signals-default]
[00:00:00]                   │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-18-tests-xl-1594768945554544304] moving index [.siem-signals-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"wait-for-indexing-complete"}] in policy [.siem-signals-default]
[00:00:00]                 │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-18-tests-xl-1594768945554544304] moving index [.siem-signals-default-000001] from [{"phase":"hot","action":"unfollow","name":"wait-for-indexing-complete"}] to [{"phase":"hot","action":"unfollow","name":"wait-for-follow-shard-tasks"}] in policy [.siem-signals-default]
[00:00:01]                 │ info [o.e.c.m.MetadataMappingService] [kibana-ci-immutable-ubuntu-18-tests-xl-1594768945554544304] [.kibana_1/FYCet130SwiUhOjKxQwLhw] update_mapping [_doc]
[00:00:03]                 └- ✓ pass  (2.7s) "detection engine api security and spaces enabled add_prepackaged_rules creating prepackaged rules should contain two output keys of rules_installed and rules_updated"
[00:00:03]               └-> "after each" hook
[00:00:03]                 │ info [o.e.c.m.MetadataDeleteIndexService] [kibana-ci-immutable-ubuntu-18-tests-xl-1594768945554544304] [.siem-signals-default-000001/8uU-6Z_BQAahPSa4jtDFtw] deleting index
[00:00:03]                 │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-18-tests-xl-1594768945554544304] removing template [.siem-signals-default]
[00:00:03]               └-> should create the prepackaged rules and return a count greater than zero
[00:00:03]                 └-> "before each" hook: global before each
[00:00:03]                 └-> "before each" hook
[00:00:03]                   │ info [o.e.x.i.a.TransportPutLifecycleAction] [kibana-ci-immutable-ubuntu-18-tests-xl-1594768945554544304] adding index lifecycle policy [.siem-signals-default]
[00:00:04]                   │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-18-tests-xl-1594768945554544304] adding template [.siem-signals-default] for index patterns [.siem-signals-default-*]
[00:00:04]                   │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-ubuntu-18-tests-xl-1594768945554544304] [.siem-signals-default-000001] creating index, cause [api], templates [.siem-signals-default], shards [1]/[1]
[00:00:04]                   │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-18-tests-xl-1594768945554544304] moving index [.siem-signals-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.siem-signals-default]
[00:00:04]                   │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-18-tests-xl-1594768945554544304] moving index [.siem-signals-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"wait-for-indexing-complete"}] in policy [.siem-signals-default]
[00:00:04]                 │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-18-tests-xl-1594768945554544304] moving index [.siem-signals-default-000001] from [{"phase":"hot","action":"unfollow","name":"wait-for-indexing-complete"}] to [{"phase":"hot","action":"unfollow","name":"wait-for-follow-shard-tasks"}] in policy [.siem-signals-default]
[00:00:06]                 └- ✓ pass  (2.1s) "detection engine api security and spaces enabled add_prepackaged_rules creating prepackaged rules should create the prepackaged rules and return a count greater than zero"
[00:00:06]               └-> "after each" hook
[00:00:06]                 │ info [o.e.c.m.MetadataDeleteIndexService] [kibana-ci-immutable-ubuntu-18-tests-xl-1594768945554544304] [.siem-signals-default-000001/RcpQOdKDRyiJgv24bNIzig] deleting index
[00:00:06]                 │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-18-tests-xl-1594768945554544304] removing template [.siem-signals-default]
[00:00:06]               └-> should create the prepackaged rules that the rules_updated is of size zero
[00:00:06]                 └-> "before each" hook: global before each
[00:00:06]                 └-> "before each" hook
[00:00:06]                   │ info [o.e.x.i.a.TransportPutLifecycleAction] [kibana-ci-immutable-ubuntu-18-tests-xl-1594768945554544304] adding index lifecycle policy [.siem-signals-default]
[00:00:06]                   │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-18-tests-xl-1594768945554544304] adding template [.siem-signals-default] for index patterns [.siem-signals-default-*]
[00:00:06]                   │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-ubuntu-18-tests-xl-1594768945554544304] [.siem-signals-default-000001] creating index, cause [api], templates [.siem-signals-default], shards [1]/[1]
[00:00:06]                   │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-18-tests-xl-1594768945554544304] moving index [.siem-signals-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.siem-signals-default]
[00:00:06]                   │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-18-tests-xl-1594768945554544304] moving index [.siem-signals-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"wait-for-indexing-complete"}] in policy [.siem-signals-default]
[00:00:06]                 │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-18-tests-xl-1594768945554544304] moving index [.siem-signals-default-000001] from [{"phase":"hot","action":"unfollow","name":"wait-for-indexing-complete"}] to [{"phase":"hot","action":"unfollow","name":"wait-for-follow-shard-tasks"}] in policy [.siem-signals-default]
[00:00:08]                 └- ✓ pass  (1.7s) "detection engine api security and spaces enabled add_prepackaged_rules creating prepackaged rules should create the prepackaged rules that the rules_updated is of size zero"
[00:00:08]               └-> "after each" hook
[00:00:08]                 │ info [o.e.c.m.MetadataDeleteIndexService] [kibana-ci-immutable-ubuntu-18-tests-xl-1594768945554544304] [.siem-signals-default-000001/Orv-5t8BRK6vOhKSw3_Kqg] deleting index
[00:00:08]                 │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-18-tests-xl-1594768945554544304] removing template [.siem-signals-default]
[00:00:08]               └-> should be possible to call the API twice and the second time the number of rules installed should be zero
[00:00:08]                 └-> "before each" hook: global before each
[00:00:08]                 └-> "before each" hook
[00:00:08]                   │ info [o.e.x.i.a.TransportPutLifecycleAction] [kibana-ci-immutable-ubuntu-18-tests-xl-1594768945554544304] adding index lifecycle policy [.siem-signals-default]
[00:00:08]                   │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-18-tests-xl-1594768945554544304] adding template [.siem-signals-default] for index patterns [.siem-signals-default-*]
[00:00:09]                   │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-ubuntu-18-tests-xl-1594768945554544304] [.siem-signals-default-000001] creating index, cause [api], templates [.siem-signals-default], shards [1]/[1]
[00:00:09]                   │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-18-tests-xl-1594768945554544304] moving index [.siem-signals-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.siem-signals-default]
[00:00:09]                   │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-18-tests-xl-1594768945554544304] moving index [.siem-signals-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"wait-for-indexing-complete"}] in policy [.siem-signals-default]
[00:00:09]                 │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-18-tests-xl-1594768945554544304] moving index [.siem-signals-default-000001] from [{"phase":"hot","action":"unfollow","name":"wait-for-indexing-complete"}] to [{"phase":"hot","action":"unfollow","name":"wait-for-follow-shard-tasks"}] in policy [.siem-signals-default]
[00:00:10]                 └- ✖ fail: detection engine api security and spaces enabled add_prepackaged_rules creating prepackaged rules should be possible to call the API twice and the second time the number of rules installed should be zero
[00:00:10]                 │       Error: expected 1 to sort of equal 0
[00:00:10]                 │       + expected - actual
[00:00:10]                 │ 
[00:00:10]                 │       -1
[00:00:10]                 │       +0
[00:00:10]                 │       
[00:00:10]                 │       at Assertion.assert (/dev/shm/workspace/kibana/packages/kbn-expect/expect.js:100:11)
[00:00:10]                 │       at Assertion.eql (/dev/shm/workspace/kibana/packages/kbn-expect/expect.js:244:8)
[00:00:10]                 │       at Context.it (test/detection_engine_api_integration/security_and_spaces/tests/add_prepackaged_rules.ts:99:41)
[00:00:10]                 │ 
[00:00:10]                 │

Stack Trace

{ Error: expected 1 to sort of equal 0
    at Assertion.assert (/dev/shm/workspace/kibana/packages/kbn-expect/expect.js:100:11)
    at Assertion.eql (/dev/shm/workspace/kibana/packages/kbn-expect/expect.js:244:8)
    at Context.it (test/detection_engine_api_integration/security_and_spaces/tests/add_prepackaged_rules.ts:99:41) actual: '1', expected: '0', showDiff: true }

Build metrics

✅ unchanged

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@marshallmain marshallmain merged commit c5e39a2 into elastic:master Jul 15, 2020
@marshallmain marshallmain deleted the endpoint-exception-validation branch July 15, 2020 02:25
@marshallmain marshallmain mentioned this pull request Jul 15, 2020
Merged
patrykkopycinski pushed a commit that referenced this pull request Jul 15, 2020
@marshallmain @elasticmachine
Add endpoint exception creation API validation (#71791) (#71805)
69eaa54 
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
gmmorris added a commit to gmmorris/kibana that referenced this pull request Jul 15, 2020
@gmmorris
Merge branch 'master' into alerting/consumer-based-rbac
6b090eb 
* master: (82 commits)
  Fixed the spacing of child accordion items for policy response dialog. (elastic#71677)
  [SECURITY] Timeline bug 7.9 (elastic#71748)
  use fixed isChromeVisible method (elastic#71813)
  [SIEM][Detection Engine][Lists] Adds specific endpoint_list REST API and API for abilities to auto-create the endpoint_list if it gets deleted (elastic#71792)
  [test] Skips flaky Saved Objects Management test
  [APM] Remove watcher integration (elastic#71655)
  [APM] Increase `xpack.apm.ui.transactionGroupBucketSize` (elastic#71661)
  [test] Skips Ingest Manager test preventing ES promotion
  [test] Skips flaky detection engine tests
  Revert "re-fix navigate path for master add SAML login to login_page (elastic#71337)"
  [tests] Temporarily skipped Fleet tests
  [test] Skipped monitoring test
  [Security Solution][Detections] Associate Endpoint Exceptions List to Rule during rule creation/update (elastic#71794)
  Add endpoint exception creation API validation (elastic#71791)
  Skip jest tests that timeout waiting for react (elastic#71801)
  [Security Solution][Exceptions] - Adds filtering to endpoint index patterns by exceptional fields (elastic#71757)
  [Reporting] Re-delete a file (elastic#71730)
  [Security Solution] [Detections] Fixes bug for determining when we hit max signals after filtering with lists (elastic#71768)
  [Ingest Manager] Better display of Fleet requirements (elastic#71686)
  [tests] Temporarily skipped to promote snapshot
  ...
@spong spong mentioned this pull request Nov 26, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dplumlee dplumlee dplumlee approved these changes

@FrankHassanabad FrankHassanabad FrankHassanabad approved these changes

@peluja1012 peluja1012 peluja1012 approved these changes

Assignees
No one assigned
Labels
release_note:skip Skip the PR/issue when compiling release notes Team:Endpoint Response Endpoint Response Team v7.9.0 v8.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@marshallmain @elasticmachine @kibanamachine @peluja1012 @FrankHassanabad @dplumlee