Add e2e for Attack discovery #182918
Add e2e for Attack discovery #182918
Conversation
…covery-e2e # Conflicts: # yarn.lock
|
/ci |
|
/ci |
…ki/kibana into feat/attack-discovery-e2e
|
/ci |
|
/ci |
…ki/kibana into feat/attack-discovery-e2e
|
/ci |
|
/ci |
|
/ci |
|
/ci |
|
/ci |
patrykkopycinski
requested review from
a team,
MadameSheema,
oatkiller,
maximpn and
banderror
as code owners
| // TODO: add deletion logic | ||
| // for (const index of existingIndices) { | ||
| // await esClient.indices.delete({ index: pattern }); | ||
|
|
||
| // log.info(`Deleted index ${index}`); | ||
| // } |
There was a problem hiding this comment.
Could you explain a bit more why is the index delete logic commented out as a todo?
There was a problem hiding this comment.
it was in the original script we have used locally, but I wasn't sure if it's something we will need in our tests, but just wanted to make sure we don't loose it
There was a problem hiding this comment.
okay, if you know the author of the original script it would be great to find out why this was commented out.
If this is needed we should uncomment it, and if not there's no point in having this checkDeleteIndices function implemented without executing the actual deletion, right now it's called only to log stuff without doing anything.
Just a suggestion to keep the code clean.
…covery-e2e # Conflicts: # x-pack/test/security_solution_cypress/cypress/cypress.config.ts # x-pack/test/security_solution_cypress/cypress/cypress_ci.config.ts # x-pack/test/security_solution_cypress/cypress/cypress_ci_serverless.config.ts # x-pack/test/security_solution_cypress/cypress/cypress_ci_serverless_qa.config.ts # x-pack/test/security_solution_cypress/cypress/cypress_serverless.config.ts
| visitWithTimeRange(ATTACK_DISCOVERY_URL); | ||
| }); | ||
|
|
||
| it.each(Object.keys(kibanaDevConfig['xpack.actions.preconfigured']))('%s', (connectorId) => { |
There was a problem hiding this comment.
If there's no connector configured in the kibana.yml the test crashes in this line with:
> Cannot convert undefined or null to object
Consider defaulting it (?? []) so cypress will tell there's no test to run instead, or maybe check this value and fail more gracefully if it's not defined. wdyt?
💔 Build FailedFailed CI StepsTest Failures
Metrics [docs]
History
To update your PR or re-run it, just comment with: |
|
@patrykkopycinski looking at the code owners (running |
| filePath: string | ||
| ): { | ||
| ftrConfig: SecuritySolutionDescribeBlockFtrConfig; | ||
| devConfig: boolean; |
There was a problem hiding this comment.
nit: Consider naming this to something that answers a yes/no. devConfig seems like a collection/object but it is a boolean. isDevRun/isDevMode or something like that?
| @@ -90,25 +95,39 @@ export const parseTestFileConfig = (filePath: string): SecuritySolutionDescribeB | |||
| 'key.name', | |||
| 'ftrConfig', | |||
| ]); | |||
| // @ts-expect-error | |||
| const devConfig = _.find(callExpressionProperties?.value?.properties, [ | |||
There was a problem hiding this comment.
nit: Maybe rename this local devConfig to avoid confusion and variable re-declaration TS error?
| const devConfig = _.find(callExpressionProperties?.value?.properties, [ | |
| const _devConfig = _.find(callExpressionProperties?.value?.properties, [ |
| @@ -437,7 +437,7 @@ ${JSON.stringify(cypressConfigFile, null, 2)} | |||
|
|
|||
| const productTypes = isOpen | |||
| ? getProductTypes(tier, endpointAddon, cloudAddon) | |||
| : (parseTestFileConfig(filePath).productTypes as ProductType[]); | |||
| : (parseTestFileConfig(filePath).ftrConfig?.productTypes as ProductType[]); | |||
There was a problem hiding this comment.
Looks like ftrConfig is always present. The productTypes could be undefined which is why it is type casted here.
| : (parseTestFileConfig(filePath).ftrConfig?.productTypes as ProductType[]); | |
| : (parseTestFileConfig(filePath).ftrConfig.productTypes as ProductType[]); |
Summary
Adds e2e tests for Attack discovery. It takes list of preconfigured connectors from
./config/kibana.dev.ymland for each of them is generating Attack discovery and checks if the output is correct (currently just checking if the host provider doesn't contain{, as it was common issue with one of the connectors)To test in open mode run:
To test in run mode:
To load Attack discovery data to the existing instance: