[Cloud Security] Metering integration tests

package.json

@@ -948,6 +948,7 @@
     "@mapbox/mapbox-gl-rtl-text": "0.2.3",
     "@mapbox/mapbox-gl-supported": "2.0.1",
     "@mapbox/vector-tile": "1.3.1",
+    "@mswjs/http-middleware": "^0.10.1",
     "@opentelemetry/api": "^1.1.0",
     "@opentelemetry/api-metrics": "^0.31.0",
     "@opentelemetry/exporter-metrics-otlp-grpc": "^0.34.0",

x-pack/plugins/security_solution_serverless/server/cloud_security/defend_for_containers_metering.ts

@@ -76,7 +76,8 @@ export const getUsageRecords = async (
             {
               range: {
                 'event.ingested': {
-                  gt: searchFrom.toISOString(),
+                  //  gt: searchFrom.toISOString(), Tech debt: https://github.com/elastic/security-team/issues/9895
+                  gte: `now-30m`,
                 },
               },
             },

x-pack/plugins/security_solution_serverless/server/common/services/usage_reporting_service.ts

@@ -19,11 +19,13 @@ export class UsageReportingService {
     records: UsageRecord[],
     url = USAGE_SERVICE_USAGE_URL
   ): Promise<Response> {
+    const isHttps = url.includes('https');
+
     return fetch(url, {
       method: 'post',
       body: JSON.stringify(records),
       headers: { 'Content-Type': 'application/json' },
-      agent,
+      agent: isHttps ? agent : undefined, // Conditionally add agent if URL is HTTPS for supporting integration tests.
     });
   }
 }

x-pack/plugins/security_solution_serverless/server/config.ts

@@ -17,11 +17,17 @@ export const configSchema = schema.object({
   enabled: schema.boolean({ defaultValue: false }),
   productTypes,
   /**
-   * Usage Reporting: the interval between runs of the task
+   * Usage Reporting: the interval between runs of the endpoint task
    */
 
   usageReportingTaskInterval: schema.string({ defaultValue: '5m' }),
 
+  /**
+   * Usage Reporting: the interval between runs of the cloud security task
+   */
+
+  cloudSecurityUsageReportingTaskInterval: schema.string({ defaultValue: '30m' }),
+
   /**
    * Usage Reporting: timeout value for how long the task should run.
    */

x-pack/plugins/security_solution_serverless/server/plugin.ts

@@ -113,7 +113,7 @@ export class SecuritySolutionServerlessPlugin
     this.cloudSecurityUsageReportingTask
       ?.start({
         taskManager: pluginsSetup.taskManager,
-        interval: cloudSecurityMetringTaskProperties.interval,
+        interval: this.config.cloudSecurityUsageReportingTaskInterval,
       })
       .catch(() => {});
 

x-pack/test/api_integration/apis/cloud_security_posture/helper.ts

@@ -145,6 +145,76 @@ export async function createPackagePolicy(
   return postPackageResponse.item;
 }
 
+export async function createCloudDefendPackagePolicy(
+  supertest: SuperTestAgent,
+  agentPolicyId: string,
+  roleAuthc?: RoleCredentials,
+  internalRequestHeader?: { 'x-elastic-internal-origin': string; 'kbn-xsrf': string }
+) {
+  const version = '1.2.5';
+  const installationPayload = {
+    policy_id: agentPolicyId,
+    package: {
+      name: 'cloud_defend',
+      version,
+    },
+    name: 'cloud_defend-1',
+    description: '',
+    namespace: 'default',
+    inputs: {
+      'cloud_defend-cloud_defend/control': {
+        enabled: true,
+        vars: {
+          configuration:
+            'process:\n  selectors:\n    - name: allProcesses\n      operation: [fork, exec]\n  responses:\n    - match: [allProcesses]\n      actions: [log]\nfile:\n  selectors:\n    - name: executableChanges\n      operation: [createExecutable, modifyExecutable]\n  responses:\n    - match: [executableChanges]\n      actions: [alert]\n',
+        },
+        streams: {
+          'cloud_defend.alerts': {
+            enabled: true,
+          },
+          'cloud_defend.file': {
+            enabled: true,
+          },
+          'cloud_defend.heartbeat': {
+            enabled: true,
+            vars: {
+              period: '30m',
+            },
+          },
+          'cloud_defend.metrics': {
+            enabled: true,
+            vars: {
+              period: '24h',
+            },
+          },
+          'cloud_defend.process': {
+            enabled: true,
+          },
+        },
+      },
+    },
+    force: true,
+  };
+
+  const { body: postPackageResponse } =
+    roleAuthc && internalRequestHeader
+      ? await supertest
+          .post(`/api/fleet/package_policies`)
+          .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
+          .set(internalRequestHeader)
+          .set(roleAuthc.apiKeyHeader)
+          .send(installationPayload)
+          .expect(200)
+      : await supertest
+          .post(`/api/fleet/package_policies`)
+          .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
+          .set('kbn-xsrf', 'xxxx')
+          .send(installationPayload)
+          .expect(200);
+
+  return postPackageResponse.item;
+}
+
 export const createUser = async (security: SecurityService, userName: string, roleName: string) => {
   await security.user.create(userName, {
     password: 'changeme',

x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/index.ts

@@ -17,6 +17,7 @@ export default function ({ loadTestFile }: FtrProviderContext) {
     loadTestFile(require.resolve('./benchmark/v2'));
     loadTestFile(require.resolve('./find_csp_benchmark_rule'));
     loadTestFile(require.resolve('./telemetry'));
+    loadTestFile(require.resolve('./serverless_metering/cloud_security_metering'));
 
     // TODO: migrate status_unprivileged tests from stateful, if it feasible in serverless with the new security model
     // loadTestFile(require.resolve('./status/status_unprivileged'));