Merge branch 'main' into metricFtr

cypress/fixtures/plugins/security-analytics-dashboards-plugin/integration_tests/rule/create_windows_usb_rule.json

@@ -16,7 +16,7 @@
     }
   ],
   "log_source": "",
-  "detection": "selection:\n  EventID:\n    - 2003\n    - 2100\n    - 2102\ncondition: selection",
+  "detection": "selection:\n  winlog.event_id:\n    - 2003\n    - 2100\n    - 2102\ncondition: selection",
   "level": "high",
   "false_positives": [
     {

cypress/fixtures/plugins/security-analytics-dashboards-plugin/sample_document.json

@@ -1,3 +1,3 @@
 {
-  "EventID": 2003
+  "winlog.event_id": 2003
 }

cypress/fixtures/plugins/security-analytics-dashboards-plugin/sample_windows_index_settings.json

@@ -1,7 +1,7 @@
 {
   "mappings": {
     "properties": {
-      "EventID": {
+      "winlog.event_id": {
         "type": "integer"
       },
       "winlog.provider_name": {

cypress/integration/core-opensearch-dashboards/opensearch-dashboards/apps/data_explorer/aaa_before.spec.js

@@ -10,6 +10,7 @@ import { CURRENT_TENANT } from '../../../../../utils/commands';
 describe('Before', () => {
   before(() => {
     CURRENT_TENANT.newTenant = 'global';
+    cy.fleshTenantSettings();
     cy.deleteAllIndices();
     cy.deleteSavedObjectByType('index-pattern');
   });

cypress/integration/core-opensearch-dashboards/opensearch-dashboards/apps/data_explorer/discover.spec.js

@@ -27,6 +27,17 @@ const indexSet = [
 describe('discover app', { scrollBehavior: false }, () => {
   before(() => {
     CURRENT_TENANT.newTenant = 'global';
+    if (Cypress.env('SECURITY_ENABLED')) {
+      /**
+       * Security plugin is using private tenant as default.
+       * So here we'd need to set global tenant as default manually.
+       */
+      cy.changeDefaultTenant({
+        multitenancy_enabled: true,
+        private_tenant_enabled: true,
+        default_tenant: 'global',
+      });
+    }
     // import logstash functional
     testFixtureHandler.importJSONDocIfNeeded(
       indexSet,

cypress/integration/core-opensearch-dashboards/opensearch-dashboards/apps/data_explorer/discover_advanced_settings.spec.js

@@ -24,6 +24,7 @@ const indexSet = [
 describe('discover_advanced_setting', () => {
   before(() => {
     CURRENT_TENANT.newTenant = 'global';
+    cy.fleshTenantSettings();
     // import logstash functional
     testFixtureHandler.importJSONDocIfNeeded(
       indexSet,

cypress/integration/core-opensearch-dashboards/opensearch-dashboards/apps/data_explorer/index_pattern_without_field.spec.js

@@ -18,6 +18,7 @@ const testFixtureHandler = new TestFixtureHandler(
 describe('index pattern without field spec', () => {
   before(() => {
     CURRENT_TENANT.newTenant = 'global';
+    cy.fleshTenantSettings();
     testFixtureHandler.importJSONMapping(
       'cypress/fixtures/dashboard/opensearch_dashboards/data_explorer/index_pattern_without_timefield/mappings.json.txt'
     );

cypress/integration/core-opensearch-dashboards/opensearch-dashboards/apps/data_explorer/shared_links.spec.js

@@ -27,6 +27,7 @@ const indexSet = [
 describe('shared links', () => {
   before(() => {
     CURRENT_TENANT.newTenant = 'global';
+    cy.fleshTenantSettings();
     testFixtureHandler.importJSONMapping(
       'cypress/fixtures/dashboard/opensearch_dashboards/data_explorer/discover/discover.mappings.json.txt'
     );

cypress/integration/core-opensearch-dashboards/opensearch-dashboards/apps/vis-augmenter/dashboard_spec.js

@@ -81,6 +81,7 @@ describe('Vis augmenter - existing dashboards work as expected', () => {
 
     before(() => {
       CURRENT_TENANT.newTenant = 'global';
+      cy.fleshTenantSettings();
       // Create a dashboard and add some visualizations
       bootstrapDashboard(
         INDEX_SETTINGS_FILEPATH_SIMPLE,

cypress/integration/core-opensearch-dashboards/opensearch-dashboards/apps/vis_builder/basic.spec.js

@@ -23,6 +23,7 @@ if (Cypress.env('VISBUILDER_ENABLED')) {
   describe('Visualization Builder Base Tests', () => {
     before(() => {
       CURRENT_TENANT.newTenant = 'global';
+      cy.fleshTenantSettings();
       cy.deleteIndex(VB_INDEX_ID);
       cy.bulkUploadDocs(VB_PATH_INDEX_DATA);
       cy.importSavedObjects(VB_PATH_SO_DATA);

cypress/integration/core-opensearch-dashboards/opensearch-dashboards/apps/vis_builder/dashboard.spec.js

@@ -24,6 +24,7 @@ if (Cypress.env('VISBUILDER_ENABLED')) {
   describe('Visualization Builder Dashboard Tests', () => {
     before(() => {
       CURRENT_TENANT.newTenant = 'global';
+      cy.fleshTenantSettings();
       cy.deleteIndex(VB_INDEX_ID);
       cy.bulkUploadDocs(VB_PATH_INDEX_DATA);
 

cypress/integration/core-opensearch-dashboards/opensearch-dashboards/apps/vis_builder/vis_types/area.spec.js

@@ -18,6 +18,7 @@ if (Cypress.env('VISBUILDER_ENABLED')) {
   describe('Vis Builder: Area Chart', () => {
     before(() => {
       CURRENT_TENANT.newTenant = 'global';
+      cy.fleshTenantSettings();
       cy.deleteIndex(VB_INDEX_ID);
       cy.bulkUploadDocs(VB_PATH_INDEX_DATA);
       cy.importSavedObjects(VB_PATH_SO_DATA);

cypress/integration/core-opensearch-dashboards/opensearch-dashboards/apps/vis_builder/vis_types/bar.spec.js

@@ -18,6 +18,7 @@ if (Cypress.env('VISBUILDER_ENABLED')) {
   describe('Vis Builder: Bar Chart', () => {
     before(() => {
       CURRENT_TENANT.newTenant = 'global';
+      cy.fleshTenantSettings();
       cy.deleteIndex(VB_INDEX_ID);
       cy.bulkUploadDocs(VB_PATH_INDEX_DATA);
       cy.importSavedObjects(VB_PATH_SO_DATA);

cypress/integration/core-opensearch-dashboards/opensearch-dashboards/apps/vis_builder/vis_types/line.spec.js

@@ -18,6 +18,7 @@ if (Cypress.env('VISBUILDER_ENABLED')) {
   describe('Vis Builder: Line Chart', () => {
     before(() => {
       CURRENT_TENANT.newTenant = 'global';
+      cy.fleshTenantSettings();
       cy.deleteIndex(VB_INDEX_ID);
       cy.bulkUploadDocs(VB_PATH_INDEX_DATA);
       cy.importSavedObjects(VB_PATH_SO_DATA);

cypress/integration/core-opensearch-dashboards/opensearch-dashboards/apps/vis_builder/vis_types/metric.spec.js

@@ -18,6 +18,7 @@ if (Cypress.env('VISBUILDER_ENABLED')) {
   describe('Vis Builder: Metric Chart', () => {
     before(() => {
       CURRENT_TENANT.newTenant = 'global';
+      cy.fleshTenantSettings();
       cy.deleteIndex(VB_INDEX_ID);
       cy.bulkUploadDocs(VB_PATH_INDEX_DATA);
       cy.importSavedObjects(VB_PATH_SO_DATA);

cypress/integration/core-opensearch-dashboards/opensearch-dashboards/apps/vis_builder/vis_types/table.spec.js

@@ -18,6 +18,7 @@ if (Cypress.env('VISBUILDER_ENABLED')) {
   describe('Vis Builder: Table Chart', () => {
     before(() => {
       CURRENT_TENANT.newTenant = 'global';
+      cy.fleshTenantSettings();
       cy.deleteIndex(VB_INDEX_ID);
       cy.bulkUploadDocs(VB_PATH_INDEX_DATA);
       cy.importSavedObjects(VB_PATH_SO_DATA);

cypress/integration/core-opensearch-dashboards/opensearch-dashboards/apps/vis_type_table/basic.spec.js

@@ -27,6 +27,7 @@ import { CURRENT_TENANT } from '../../../../../utils/commands';
 describe('table visualization basic functions', () => {
   before(() => {
     CURRENT_TENANT.newTenant = 'global';
+    cy.fleshTenantSettings();
     cy.deleteIndex(TABLE_INDEX_ID);
     cy.deleteIndexPattern(TABLE_INDEX_PATTERN);
     cy.bulkUploadDocs(TABLE_PATH_INDEX_DATA);

cypress/integration/core-opensearch-dashboards/opensearch-dashboards/apps/vis_type_table/data.spec.js

@@ -26,6 +26,7 @@ const commonUI = new CommonUI(cy);
 describe('table visualization data', () => {
   before(() => {
     CURRENT_TENANT.newTenant = 'global';
+    cy.fleshTenantSettings();
     cy.deleteIndex(TABLE_INDEX_ID);
     cy.deleteIndexPattern(TABLE_INDEX_PATTERN);
     cy.bulkUploadDocs(TABLE_PATH_INDEX_DATA);

cypress/integration/core-opensearch-dashboards/opensearch-dashboards/apps/vis_type_table/embed.spec.js

@@ -58,6 +58,7 @@ describe('table visualization in embedded mode', () => {
 
   before(() => {
     CURRENT_TENANT.newTenant = 'global';
+    cy.fleshTenantSettings();
     cy.deleteIndex(TABLE_INDEX_ID);
     cy.deleteIndexPattern(TABLE_INDEX_PATTERN);
     cy.bulkUploadDocs(TABLE_PATH_INDEX_DATA);

cypress/integration/core-opensearch-dashboards/opensearch-dashboards/apps/vis_type_table/options.spec.js

@@ -20,6 +20,7 @@ import { CURRENT_TENANT } from '../../../../../utils/commands';
 describe('Table visualization options', () => {
   before(() => {
     CURRENT_TENANT.newTenant = 'global';
+    cy.fleshTenantSettings();
     cy.deleteIndex(TABLE_INDEX_ID);
     cy.deleteIndexPattern(TABLE_INDEX_PATTERN);
     cy.bulkUploadDocs(TABLE_PATH_INDEX_DATA);

cypress/integration/plugins/security-analytics-dashboards-plugin/2_rules.spec.js

@@ -239,22 +239,20 @@ describe('Rules', () => {
 
     it('...should validate rule name', () => {
       getNameField().sa_containsHelperText(
-        'Rule name must contain 5-50 characters. Valid characters are a-z, A-Z, 0-9, hyphens, spaces, and underscores'
+        'Rule name can be max 256 characters.'
       );
 
       getNameField().should('be.empty');
       getNameField().focus().blur();
       getNameField().sa_containsError('Rule name is required');
-      getNameField().type('text').focus().blur();
-      getNameField().sa_containsError('Invalid rule name.');
 
       getNameField()
         .type('{selectall}')
         .type('{backspace}')
-        .type('tex&')
+        .type('*$&*#(#*($*($')
         .focus()
-        .blur();
-      getNameField().sa_containsError('Invalid rule name.');
+        .blur()
+        .sa_shouldNotHaveError();
 
       getNameField()
         .type('{selectall}')
@@ -266,17 +264,19 @@ describe('Rules', () => {
     });
 
     it('...should validate rule description field', () => {
-      const invalidDescriptionText = 'This is a invalid % description.';
-
       getDescriptionField().should('be.empty');
-      getDescriptionField().type(invalidDescriptionText).focus().blur();
+
+      const invalidDescription = 'a'.repeat(65535);
+      getDescriptionField()
+        .focus()
+        .invoke('val', invalidDescription)
+        .type('b')
+        .blur();
 
       getDescriptionField()
         .parents('.euiFormRow__fieldWrapper')
         .find('.euiFormErrorText')
-        .contains(
-          'Description should only consist of upper and lowercase letters, numbers 0-9, commas, hyphens, periods, spaces, and underscores. Max limit of 65,535 characters.'
-        );
+        .contains(`Description has max limit of 65,535 characters.`);
 
       getDescriptionField()
         .type('{selectall}')
@@ -303,20 +303,20 @@ describe('Rules', () => {
 
       getAuthorField().should('be.empty');
       getAuthorField().focus().blur();
-      getAuthorField().sa_containsError('Author name is required');
 
-      getAuthorField()
-        .type('{selectall}')
-        .type('{backspace}')
-        .type('tex%')
-        .focus()
-        .blur();
+      let invalidAuthor = '';
+
+      for (let i = 0; i < 256; i++) {
+        invalidAuthor += 'a';
+      }
+
+      getAuthorField().focus().invoke('val', invalidAuthor).type('b').blur();
       getAuthorField().sa_containsError('Invalid author.');
 
       getAuthorField()
         .type('{selectall}')
         .type('{backspace}')
-        .type('Rule name')
+        .type('Rule author (@)')
         .focus()
         .blur()
         .sa_shouldNotHaveError();
@@ -330,7 +330,7 @@ describe('Rules', () => {
       getLogTypeField().sa_selectComboboxItem(
         getLogTypeLabel(SAMPLE_RULE.logType)
       );
-      getLogTypeField().focus().blur().sa_shouldNotHaveError();
+      getLogTypeField().focus().click().blur().sa_shouldNotHaveError();
     });
 
     it('...should validate rule level field', () => {
@@ -470,7 +470,6 @@ describe('Rules', () => {
 
       // author field
       getAuthorField().sa_clearValue();
-      toastShouldExist();
       getAuthorField().type('John Doe');
 
       // log field
@@ -512,6 +511,7 @@ describe('Rules', () => {
         getMapValueField().type('{selectall}').type('{backspace}')
       );
       toastShouldExist();
+
       getSelectionPanelByIndex(0).within(() =>
         getMapValueField().type('FieldValue')
       );

cypress/integration/plugins/security-analytics-dashboards-plugin/3_alerts.spec.js

@@ -41,7 +41,7 @@ describe('Alerts', () => {
       aliasMappings,
       ruleSettings,
       indexDoc,
-      4
+      docCount
     );
 
     // Wait for the detector to execute
@@ -265,7 +265,11 @@ describe('Alerts', () => {
       // The EuiCodeEditor used for this component stores each line of the JSON in an array of elements;
       // so this test formats the expected document into an array of strings,
       // and matches each entry with the corresponding element line.
-      const document = JSON.stringify(JSON.parse('{"EventID": 2003}'), null, 2);
+      const document = JSON.stringify(
+        JSON.parse('{"winlog.event_id": 2003}'),
+        null,
+        2
+      );
       const documentLines = document.split('\n');
       cy.get('[data-test-subj="finding-details-flyout-rule-document"]')
         .get('[class="euiCodeBlock__line"]')
@@ -350,6 +354,7 @@ describe('Alerts', () => {
       .should('have.length', 2);
 
     // Filter the table to show only "Active" alerts
+    cy.get('[data-text="Status"]');
     cy.get('[class="euiFilterSelect__items"]').within(() => {
       cy.contains('Acknowledged').click({ force: true });
       cy.contains('Active').click({ force: true });
@@ -387,6 +392,7 @@ describe('Alerts', () => {
       .should('have.length', 1);
 
     // Filter the table to show only "Acknowledged" alerts
+    cy.get('[data-text="Status"]').click({ force: true });
     cy.get('[class="euiFilterSelect__items"]').within(() => {
       cy.contains('Active').click({ force: true });
       cy.contains('Acknowledged').click({ force: true });

cypress/utils/commands.js

@@ -587,3 +587,9 @@ Cypress.Commands.add('loadSampleData', (type) => {
     url: `${BASE_PATH}/api/sample_data/${type}`,
   });
 });
+
+Cypress.Commands.add('fleshTenantSettings', () => {
+  // Go to the home page to flesh the tenant settings
+  cy.visit(`/app/home`);
+  cy.waitForLoader();
+});