From 962f73130b96df919473de79b6a9b0067652e607 Mon Sep 17 00:00:00 2001 From: Tomasz Ciecierski Date: Mon, 28 Oct 2024 15:44:29 +0100 Subject: [PATCH] [EDR Workflows] Fix Cypress tests failing on Alerts step (#197384) --- .../all/alerts_automated_action_results.cy.ts | 3 +- .../cypress/e2e/all/alerts_cases.cy.ts | 6 +- .../cypress/e2e/all/alerts_linked_apps.cy.ts | 4 +- .../e2e/all/alerts_multiple_agents.cy.ts | 3 +- .../cypress/e2e/all/ecs_mappings.cy.ts | 3 +- .../osquery/cypress/tasks/api_fixtures.ts | 2 +- .../osquery/cypress/tasks/live_query.ts | 3 +- .../automated_response_actions.cy.ts | 91 +++++++++---------- .../management/cypress/tasks/api_fixtures.ts | 2 +- .../public/management/cypress/tsconfig.json | 1 + 10 files changed, 53 insertions(+), 65 deletions(-) diff --git a/x-pack/plugins/osquery/cypress/e2e/all/alerts_automated_action_results.cy.ts b/x-pack/plugins/osquery/cypress/e2e/all/alerts_automated_action_results.cy.ts index 1bc058b188fcc..4c7c9663b2d40 100644 --- a/x-pack/plugins/osquery/cypress/e2e/all/alerts_automated_action_results.cy.ts +++ b/x-pack/plugins/osquery/cypress/e2e/all/alerts_automated_action_results.cy.ts @@ -11,8 +11,7 @@ import { checkActionItemsInResults, loadRuleAlerts } from '../../tasks/live_quer const UUID_REGEX = '[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}'; -// FLAKY: https://github.com/elastic/kibana/issues/169727 -describe.skip('Alert Flyout Automated Action Results', () => { +describe('Alert Flyout Automated Action Results', () => { let ruleId: string; before(() => { diff --git a/x-pack/plugins/osquery/cypress/e2e/all/alerts_cases.cy.ts b/x-pack/plugins/osquery/cypress/e2e/all/alerts_cases.cy.ts index 2dbd905b4df93..1817a81e46821 100644 --- a/x-pack/plugins/osquery/cypress/e2e/all/alerts_cases.cy.ts +++ b/x-pack/plugins/osquery/cypress/e2e/all/alerts_cases.cy.ts @@ -49,8 +49,7 @@ describe.skip('Alert Event Details - Cases', { tags: ['@ess', '@serverless'] }, cleanupRule(ruleId); }); - // FLAKY: https://github.com/elastic/kibana/issues/197151 - describe.skip('Case creation', () => { + describe('Case creation', () => { let caseId: string; before(() => { @@ -86,8 +85,7 @@ describe.skip('Alert Event Details - Cases', { tags: ['@ess', '@serverless'] }, }); }); - // FLAKY: https://github.com/elastic/kibana/issues/176783 - describe.skip('Case', () => { + describe('Case', () => { let caseId: string; beforeEach(() => { diff --git a/x-pack/plugins/osquery/cypress/e2e/all/alerts_linked_apps.cy.ts b/x-pack/plugins/osquery/cypress/e2e/all/alerts_linked_apps.cy.ts index f7585d32a2bba..2b04a99bd4f9c 100644 --- a/x-pack/plugins/osquery/cypress/e2e/all/alerts_linked_apps.cy.ts +++ b/x-pack/plugins/osquery/cypress/e2e/all/alerts_linked_apps.cy.ts @@ -18,9 +18,7 @@ import { import { closeModalIfVisible, closeToastIfVisible } from '../../tasks/integrations'; import { RESULTS_TABLE, RESULTS_TABLE_BUTTON } from '../../screens/live_query'; -// Failing: See https://github.com/elastic/kibana/issues/181889 -// Failing: See https://github.com/elastic/kibana/issues/181889 -describe.skip( +describe( 'Alert Event Details', { tags: ['@ess', '@serverless', '@skipInServerlessMKI'], diff --git a/x-pack/plugins/osquery/cypress/e2e/all/alerts_multiple_agents.cy.ts b/x-pack/plugins/osquery/cypress/e2e/all/alerts_multiple_agents.cy.ts index 4f6d30dd71431..95f0d947b8e84 100644 --- a/x-pack/plugins/osquery/cypress/e2e/all/alerts_multiple_agents.cy.ts +++ b/x-pack/plugins/osquery/cypress/e2e/all/alerts_multiple_agents.cy.ts @@ -15,8 +15,7 @@ import { } from '../../tasks/live_query'; import { OSQUERY_FLYOUT_BODY_EDITOR } from '../../screens/live_query'; -// FLAKY: https://github.com/elastic/kibana/issues/170157 -describe.skip( +describe( 'Alert Event Details - dynamic params', { tags: ['@ess', '@serverless'], diff --git a/x-pack/plugins/osquery/cypress/e2e/all/ecs_mappings.cy.ts b/x-pack/plugins/osquery/cypress/e2e/all/ecs_mappings.cy.ts index 89881c47083fd..5330b7869e6f4 100644 --- a/x-pack/plugins/osquery/cypress/e2e/all/ecs_mappings.cy.ts +++ b/x-pack/plugins/osquery/cypress/e2e/all/ecs_mappings.cy.ts @@ -18,8 +18,7 @@ import { typeInOsqueryFieldInput, } from '../../tasks/live_query'; -// Failing: See https://github.com/elastic/kibana/issues/192128 -describe.skip('EcsMapping', { tags: ['@ess', '@serverless'] }, () => { +describe('EcsMapping', { tags: ['@ess', '@serverless'] }, () => { beforeEach(() => { initializeDataViews(); }); diff --git a/x-pack/plugins/osquery/cypress/tasks/api_fixtures.ts b/x-pack/plugins/osquery/cypress/tasks/api_fixtures.ts index 2b0db52f45699..4aa2879883b38 100644 --- a/x-pack/plugins/osquery/cypress/tasks/api_fixtures.ts +++ b/x-pack/plugins/osquery/cypress/tasks/api_fixtures.ts @@ -231,7 +231,7 @@ export const loadRule = (includeResponseActions = false) => { tags: [], license: '', interval: '1m', - from: 'now-120s', + from: 'now-360s', to: 'now', meta: { from: '1m', kibana_siem_app_url: 'http://localhost:5620/app/security' }, actions: [], diff --git a/x-pack/plugins/osquery/cypress/tasks/live_query.ts b/x-pack/plugins/osquery/cypress/tasks/live_query.ts index c8ef188010130..910427272c5ff 100644 --- a/x-pack/plugins/osquery/cypress/tasks/live_query.ts +++ b/x-pack/plugins/osquery/cypress/tasks/live_query.ts @@ -58,7 +58,7 @@ export const verifyQueryTimeout = (timeout: string) => { // sometimes the results get stuck in the tests, this is a workaround export const checkResults = () => { - cy.getBySel('osqueryResultsTable').then(($table) => { + cy.getBySel('osqueryResultsTable', { timeout: 120000 }).then(($table) => { if ($table.find('div .euiDataGridRow').length > 0) { cy.getBySel('dataGridRowCell', { timeout: 120000 }).should('have.lengthOf.above', 0); } else { @@ -158,6 +158,7 @@ export const checkActionItemsInResults = ({ cases: boolean; timeline: boolean; }) => { + checkResults(); cy.contains('View in Discover').should(discover ? 'exist' : 'not.exist'); cy.contains('View in Lens').should(lens ? 'exist' : 'not.exist'); cy.contains('Add to Case').should(cases ? 'exist' : 'not.exist'); diff --git a/x-pack/plugins/security_solution/public/management/cypress/e2e/automated_response_actions/automated_response_actions.cy.ts b/x-pack/plugins/security_solution/public/management/cypress/e2e/automated_response_actions/automated_response_actions.cy.ts index 887fa47d03918..86e07e65e83ae 100644 --- a/x-pack/plugins/security_solution/public/management/cypress/e2e/automated_response_actions/automated_response_actions.cy.ts +++ b/x-pack/plugins/security_solution/public/management/cypress/e2e/automated_response_actions/automated_response_actions.cy.ts @@ -5,13 +5,13 @@ * 2.0. */ +import { waitForAlertsToPopulate } from '@kbn/test-suites-xpack/security_solution_cypress/cypress/tasks/create_new_rule'; +import { login } from '../../tasks/login'; +import { waitForEndpointListPageToBeLoaded } from '../../tasks/response_console'; import type { PolicyData } from '../../../../../common/endpoint/types'; -import { APP_ENDPOINTS_PATH } from '../../../../../common/constants'; import { closeAllToasts } from '../../tasks/toasts'; import { toggleRuleOffAndOn, visitRuleAlerts } from '../../tasks/isolate'; import { cleanupRule, loadRule } from '../../tasks/api_fixtures'; -import { login } from '../../tasks/login'; -import { loadPage } from '../../tasks/common'; import type { IndexedFleetEndpointPolicyResponse } from '../../../../../common/endpoint/data_loaders/index_fleet_endpoint_policy'; import { createAgentPolicyTask, getEndpointIntegrationVersion } from '../../tasks/fleet'; import { changeAlertsFilter } from '../../tasks/alerts'; @@ -38,21 +38,33 @@ describe( let indexedPolicy: IndexedFleetEndpointPolicyResponse; let policy: PolicyData; let createdHost: CreateAndEnrollEndpointHostResponse; + let ruleId: string; + let ruleName: string; + beforeEach(() => { + login(); + }); before(() => { - getEndpointIntegrationVersion().then((version) => - createAgentPolicyTask(version, 'automated_response_actions').then((data) => { - indexedPolicy = data; - policy = indexedPolicy.integrationPolicies[0]; - - return enableAllPolicyProtections(policy.id).then(() => { - // Create and enroll a new Endpoint host - return createEndpointHost(policy.policy_ids[0]).then((host) => { - createdHost = host as CreateAndEnrollEndpointHostResponse; + getEndpointIntegrationVersion() + .then((version) => + createAgentPolicyTask(version, 'automated_response_actions').then((data) => { + indexedPolicy = data; + policy = indexedPolicy.integrationPolicies[0]; + + return enableAllPolicyProtections(policy.id).then(() => { + // Create and enroll a new Endpoint host + return createEndpointHost(policy.policy_ids[0]).then((host) => { + createdHost = host as CreateAndEnrollEndpointHostResponse; + }); }); + }) + ) + .then(() => { + loadRule().then((data) => { + ruleId = data.id; + ruleName = data.name; }); - }) - ); + }); }); after(() => { @@ -67,48 +79,29 @@ describe( if (createdHost) { deleteAllLoadedEndpointData({ endpointAgentIds: [createdHost.agentId] }); } - }); - beforeEach(() => { - login(); + if (ruleId) { + cleanupRule(ruleId); + } }); - // FLAKY: https://github.com/elastic/kibana/issues/169828 - describe.skip('From alerts', () => { - let ruleId: string; - let ruleName: string; - - before(() => { - loadRule().then((data) => { - ruleId = data.id; - ruleName = data.name; - }); - }); - - after(() => { - if (ruleId) { - cleanupRule(ruleId); - } - }); - - it('should have generated endpoint and rule', () => { - loadPage(APP_ENDPOINTS_PATH); - cy.contains(createdHost.hostname).should('exist'); + it('should have been called against a created host', () => { + waitForEndpointListPageToBeLoaded(createdHost.hostname); + toggleRuleOffAndOn(ruleName); - toggleRuleOffAndOn(ruleName); + visitRuleAlerts(ruleName); + closeAllToasts(); - visitRuleAlerts(ruleName); - closeAllToasts(); + changeAlertsFilter(`process.name: "agentbeat" and agent.id: "${createdHost.agentId}"`); + waitForAlertsToPopulate(); - changeAlertsFilter(`process.name: "agentbeat" and agent.id: "${createdHost.agentId}"`); - cy.getByTestSubj('expand-event').first().click(); - cy.getByTestSubj('securitySolutionFlyoutNavigationExpandDetailButton').click(); - cy.getByTestSubj('securitySolutionFlyoutResponseTab').click(); + cy.getByTestSubj('expand-event').first().click(); + cy.getByTestSubj('securitySolutionFlyoutNavigationExpandDetailButton').click(); + cy.getByTestSubj('securitySolutionFlyoutResponseTab').click(); - cy.contains(/isolate is pending|isolate completed successfully/g); - cy.contains(/kill-process is pending|kill-process completed successfully/g); - cy.contains('The action was called with a non-existing event field name: entity_id'); - }); + cy.contains(/isolate is pending|isolate completed successfully/g); + cy.contains(/kill-process is pending|kill-process completed successfully/g); + cy.contains('The action was called with a non-existing event field name: entity_id'); }); } ); diff --git a/x-pack/plugins/security_solution/public/management/cypress/tasks/api_fixtures.ts b/x-pack/plugins/security_solution/public/management/cypress/tasks/api_fixtures.ts index 1bd0e5652b442..e6e44e7e5517a 100644 --- a/x-pack/plugins/security_solution/public/management/cypress/tasks/api_fixtures.ts +++ b/x-pack/plugins/security_solution/public/management/cypress/tasks/api_fixtures.ts @@ -55,7 +55,7 @@ export const loadRule = (body = {}, includeResponseActions = true) => tags: [], license: '', interval: '1m', - from: 'now-120s', + from: 'now-360s', to: 'now', meta: { from: '1m', kibana_siem_app_url: 'http://localhost:5620/app/security' }, actions: [], diff --git a/x-pack/plugins/security_solution/public/management/cypress/tsconfig.json b/x-pack/plugins/security_solution/public/management/cypress/tsconfig.json index 5d124d1035259..c983368164906 100644 --- a/x-pack/plugins/security_solution/public/management/cypress/tsconfig.json +++ b/x-pack/plugins/security_solution/public/management/cypress/tsconfig.json @@ -34,5 +34,6 @@ "@kbn/security-solution-serverless", "@kbn/dev-utils", "@kbn/spaces-plugin", + "@kbn/test-suites-xpack/security_solution_cypress/cypress", ] }