From be648a4fcf5e8831640187c834974eec5d3933ce Mon Sep 17 00:00:00 2001 From: Maxim Palenov Date: Mon, 3 Mar 2025 16:18:17 +0100 Subject: [PATCH] test fixes --- .../ftr_security_serverless_configs.yml | 1 - .buildkite/ftr_security_stateful_configs.yml | 1 - .../translations/translations/fr-FR.json | 1 - .../translations/translations/ja-JP.json | 1 - .../translations/translations/zh-CN.json | 1 - .../common/experimental_features.ts | 11 -- .../rules_table/use_rules_table_actions.tsx | 5 - .../integrations_popover/index.tsx | 15 +- .../related_integrations/translations.ts | 7 - .../rules/rule_actions_overflow/index.tsx | 10 +- .../api/rules/import_rules/route.test.ts | 11 +- .../api/rules/import_rules/route.ts | 35 +--- .../logic/bulk_actions/bulk_edit_rules.ts | 1 - .../logic/bulk_actions/validations.ts | 6 +- .../rule_source/calculate_is_customized.ts | 15 -- .../rule_source/calculate_rule_source.test.ts | 64 ------- .../rule_source/calculate_rule_source.ts | 4 - .../export/get_export_by_object_ids.test.ts | 27 ++- .../calculate_rule_source_for_import.ts | 4 - .../logic/import/import_rules_legacy.test.ts | 110 ------------ .../logic/import/import_rules_legacy.ts | 139 --------------- .../configs/ess_basic_license.config.ts | 9 - .../configs/ess_trial_license.config.ts | 25 --- .../serverless_complete_tier.config.ts | 17 -- .../serverless_essentials_tier.config.ts | 5 - .../configs/ess.config.ts | 9 - .../configs/serverless.config.ts | 5 - .../common_fields/configs/ess.config.ts | 9 - .../configs/serverless.config.ts | 5 - .../configs/ess.config.ts | 9 - .../configs/serverless.config.ts | 5 - .../perform_bulk_action.ts | 79 +-------- .../perform_bulk_action_dry_run.ts | 30 +--- .../configs/ess_basic_license.config.ts | 10 -- .../serverless_essentials_tier.config.ts | 5 - .../configs/ess_basic_license.config.ts | 10 -- .../serverless_essentials_tier.config.ts | 5 - .../configs/ess_enterprise_license.config.ts | 10 -- .../serverless_complete_tier.config.ts | 5 - .../configs/ess_basic_license.config.ts | 10 -- .../serverless_essentials_tier.config.ts | 5 - .../import_rules.ts | 36 ++-- .../prebuilt_rules/export_prebuilt_rule.cy.ts | 9 - .../prebuilt_rules/import_prebuilt_rule.cy.ts | 9 - .../prebuilt_rules_preview.cy.ts | 15 +- .../prebuilt_rules/rule_customization.cy.ts | 9 - .../update_workflow_customized_rules.cy.ts | 9 - .../related_integrations.cy.ts | 4 +- .../bulk_actions/bulk_edit_rules.cy.ts | 166 ++++++------------ .../import_export/export_rule.cy.ts | 56 ++---- .../import_export/import_rules.cy.ts | 11 +- .../cypress/tasks/rules_bulk_actions.ts | 6 - 52 files changed, 152 insertions(+), 914 deletions(-) delete mode 100644 x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/import/import_rules_legacy.test.ts delete mode 100644 x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/import/import_rules_legacy.ts delete mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/ess_trial_license.config.ts delete mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/serverless_complete_tier.config.ts diff --git a/.buildkite/ftr_security_serverless_configs.yml b/.buildkite/ftr_security_serverless_configs.yml index 2a2622c84523b..99587d6172d95 100644 --- a/.buildkite/ftr_security_serverless_configs.yml +++ b/.buildkite/ftr_security_serverless_configs.yml @@ -81,7 +81,6 @@ enabled: - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/configs/serverless.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/serverless_complete_tier.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/serverless_essentials_tier.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/configs/serverless.config.ts diff --git a/.buildkite/ftr_security_stateful_configs.yml b/.buildkite/ftr_security_stateful_configs.yml index c61c5792c3933..2a07e7ae1dadc 100644 --- a/.buildkite/ftr_security_stateful_configs.yml +++ b/.buildkite/ftr_security_stateful_configs.yml @@ -63,7 +63,6 @@ enabled: - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/ess_basic_license.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/ess_trial_license.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/configs/ess.config.ts diff --git a/x-pack/platform/plugins/private/translations/translations/fr-FR.json b/x-pack/platform/plugins/private/translations/translations/fr-FR.json index 9b9391fa707d6..145afd1edb0d4 100644 --- a/x-pack/platform/plugins/private/translations/translations/fr-FR.json +++ b/x-pack/platform/plugins/private/translations/translations/fr-FR.json @@ -35712,7 +35712,6 @@ "xpack.securitySolution.detectionEngine.queryPreview.rulePreviewError": "Impossible d'afficher un aperçu de la règle", "xpack.securitySolution.detectionEngine.queryPreview.viewDetailsAriaLabel": "Afficher les détails", "xpack.securitySolution.detectionEngine.queryPreview.viewDetailsForRowAriaLabel": "Afficher les détails pour l'alerte ou l'événement de la ligne {ariaRowindex}, avec les colonnes {columnValues}", - "xpack.securitySolution.detectionEngine.relatedIntegrations.badgeTitle": "intégrations", "xpack.securitySolution.detectionEngine.relatedIntegrations.disabledTitle": "Désactivé", "xpack.securitySolution.detectionEngine.relatedIntegrations.enabledTitle": "Activé", "xpack.securitySolution.detectionEngine.relatedIntegrations.enabledTooltip": "L'intégration est installée et une politique d'intégration avec la configuration requise existe. Assurez-vous que des agents Elastic sont affectés à cette politique pour ingérer des événements compatibles.", diff --git a/x-pack/platform/plugins/private/translations/translations/ja-JP.json b/x-pack/platform/plugins/private/translations/translations/ja-JP.json index c77f208a66fe2..a5a5585bbc890 100644 --- a/x-pack/platform/plugins/private/translations/translations/ja-JP.json +++ b/x-pack/platform/plugins/private/translations/translations/ja-JP.json @@ -35573,7 +35573,6 @@ "xpack.securitySolution.detectionEngine.queryPreview.rulePreviewError": "ルールをプレビューできませんでした", "xpack.securitySolution.detectionEngine.queryPreview.viewDetailsAriaLabel": "詳細を表示", "xpack.securitySolution.detectionEngine.queryPreview.viewDetailsForRowAriaLabel": "行 {ariaRowindex}、列 {columnValues} のアラートまたはイベントの詳細を表示", - "xpack.securitySolution.detectionEngine.relatedIntegrations.badgeTitle": "統合", "xpack.securitySolution.detectionEngine.relatedIntegrations.disabledTitle": "無効", "xpack.securitySolution.detectionEngine.relatedIntegrations.enabledTitle": "有効", "xpack.securitySolution.detectionEngine.relatedIntegrations.enabledTooltip": "統合はインストールされ、必要な構成が行われている統合ポリシーが存在します。Elasticエージェントにこのポリシーが割り当てられていることを確認し、互換性があるイベントを取り込みます。", diff --git a/x-pack/platform/plugins/private/translations/translations/zh-CN.json b/x-pack/platform/plugins/private/translations/translations/zh-CN.json index d150ff2a881b6..5804c2b44f088 100644 --- a/x-pack/platform/plugins/private/translations/translations/zh-CN.json +++ b/x-pack/platform/plugins/private/translations/translations/zh-CN.json @@ -35042,7 +35042,6 @@ "xpack.securitySolution.detectionEngine.queryPreview.rulePreviewError": "无法预览规则", "xpack.securitySolution.detectionEngine.queryPreview.viewDetailsAriaLabel": "查看详情", "xpack.securitySolution.detectionEngine.queryPreview.viewDetailsForRowAriaLabel": "查看第 {ariaRowindex} 行的告警或事件的详细信息,其中列为 {columnValues}", - "xpack.securitySolution.detectionEngine.relatedIntegrations.badgeTitle": "集成", "xpack.securitySolution.detectionEngine.relatedIntegrations.disabledTitle": "已禁用", "xpack.securitySolution.detectionEngine.relatedIntegrations.enabledTitle": "已启用", "xpack.securitySolution.detectionEngine.relatedIntegrations.enabledTooltip": "集成已安装,并且存在具有所需配置的集成策略。确保 Elastic 代理已分配此策略以采集兼容的事件。", diff --git a/x-pack/solutions/security/plugins/security_solution/common/experimental_features.ts b/x-pack/solutions/security/plugins/security_solution/common/experimental_features.ts index f0a67cedcc7b6..f0e6fa5f06ea8 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/experimental_features.ts +++ b/x-pack/solutions/security/plugins/security_solution/common/experimental_features.ts @@ -184,17 +184,6 @@ export const allowedExperimentalValues = Object.freeze({ */ jamfDataInAnalyzerEnabled: true, - /** - * Enables an ability to customize Elastic prebuilt rules. - * - * Ticket: https://github.com/elastic/kibana/issues/174168 - * Owners: https://github.com/orgs/elastic/teams/security-detection-rule-management - * Added: on Jun 24, 2024 in https://github.com/elastic/kibana/pull/186823 - * Turned: TBD - * Expires: TBD - */ - prebuiltRulesCustomizationEnabled: true, - /** * Makes Elastic Defend integration's Malware On-Write Scan option available to edit. */ diff --git a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/use_rules_table_actions.tsx b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/use_rules_table_actions.tsx index 6962c66e69f48..dc19a1574fc35 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/use_rules_table_actions.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/use_rules_table_actions.tsx @@ -26,7 +26,6 @@ import { useHasActionsPrivileges } from './use_has_actions_privileges'; import type { TimeRange } from '../../../rule_gaps/types'; import { useScheduleRuleRun } from '../../../rule_gaps/logic/use_schedule_rule_run'; import { ManualRuleRunEventTypes } from '../../../../common/lib/telemetry'; -import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features'; export const useRulesTableActions = ({ showExceptionsDuplicateConfirmation, @@ -47,9 +46,6 @@ export const useRulesTableActions = ({ const { bulkExport } = useBulkExport(); const downloadExportedRules = useDownloadExportedRules(); const { scheduleRuleRun } = useScheduleRuleRun(); - const isPrebuiltRulesCustomizationFeatureFlagEnabled = useIsExperimentalFeatureEnabled( - 'prebuiltRulesCustomizationEnabled' - ); return [ { @@ -120,7 +116,6 @@ export const useRulesTableActions = ({ await downloadExportedRules(response); } }, - enabled: (rule: Rule) => isPrebuiltRulesCustomizationFeatureFlagEnabled || !rule.immutable, }, { type: 'icon', diff --git a/x-pack/solutions/security/plugins/security_solution/public/detections/components/rules/related_integrations/integrations_popover/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/detections/components/rules/related_integrations/integrations_popover/index.tsx index 02dbb22419795..8cc8dffeb0f6f 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detections/components/rules/related_integrations/integrations_popover/index.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detections/components/rules/related_integrations/integrations_popover/index.tsx @@ -15,8 +15,6 @@ import { EuiText, EuiSpacer, } from '@elastic/eui'; - -import { usePrebuiltRulesCustomizationStatus } from '../../../../../detection_engine/rule_management/logic/prebuilt_rules/use_prebuilt_rules_customization_status'; import type { RelatedIntegrationArray } from '../../../../../../common/api/detection_engine/model/rule_schema'; import { IntegrationDescription } from '../integrations_description'; import { useRelatedIntegrations } from '../use_related_integrations'; @@ -55,7 +53,6 @@ const IntegrationListItem = styled('li')` const IntegrationsPopoverComponent = ({ relatedIntegrations }: IntegrationsPopoverProps) => { const [isPopoverOpen, setPopoverOpen] = useState(false); const { integrations, isLoaded } = useRelatedIntegrations(relatedIntegrations); - const { isRulesCustomizationEnabled } = usePrebuiltRulesCustomizationStatus(); const enabledIntegrations = useMemo(() => { return integrations.filter( @@ -66,14 +63,10 @@ const IntegrationsPopoverComponent = ({ relatedIntegrations }: IntegrationsPopov const numIntegrations = integrations.length; const numIntegrationsEnabled = enabledIntegrations.length; - const badgeTitle = useMemo(() => { - if (isRulesCustomizationEnabled) { - return isLoaded ? `${numIntegrationsEnabled}/${numIntegrations}` : `${numIntegrations}`; - } - return isLoaded - ? `${numIntegrationsEnabled}/${numIntegrations} ${i18n.INTEGRATIONS_BADGE}` - : `${numIntegrations} ${i18n.INTEGRATIONS_BADGE}`; - }, [isLoaded, isRulesCustomizationEnabled, numIntegrations, numIntegrationsEnabled]); + const badgeTitle = useMemo( + () => (isLoaded ? `${numIntegrationsEnabled}/${numIntegrations}` : `${numIntegrations}`), + [isLoaded, numIntegrations, numIntegrationsEnabled] + ); return ( i18n.translate('xpack.securitySolution.detectionEngine.relatedIntegrations.popoverTitle', { values: { integrationsCount }, diff --git a/x-pack/solutions/security/plugins/security_solution/public/detections/components/rules/rule_actions_overflow/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/detections/components/rules/rule_actions_overflow/index.tsx index fe3bd350cd1e5..55f57d0f9b939 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detections/components/rules/rule_actions_overflow/index.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detections/components/rules/rule_actions_overflow/index.tsx @@ -35,7 +35,6 @@ import { useDownloadExportedRules } from '../../../../detection_engine/rule_mana import * as i18nActions from '../../../pages/detection_engine/rules/translations'; import * as i18n from './translations'; import { ManualRuleRunEventTypes } from '../../../../common/lib/telemetry'; -import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features'; const MyEuiButtonIcon = styled(EuiButtonIcon)` &.euiButtonIcon { @@ -73,9 +72,6 @@ const RuleActionsOverflowComponent = ({ application: { navigateToApp }, telemetry, } = useKibana().services; - const isPrebuiltRulesCustomizationFeatureFlagEnabled = useIsExperimentalFeatureEnabled( - 'prebuiltRulesCustomizationEnabled' - ); const { startTransaction } = useStartTransaction(); const { executeBulkAction } = useExecuteBulkAction({ suppressSuccessToast: true }); const { bulkExport } = useBulkExport(); @@ -141,10 +137,7 @@ const RuleActionsOverflowComponent = ({ { startTransaction({ name: SINGLE_RULE_ACTIONS.EXPORT }); @@ -213,7 +206,6 @@ const RuleActionsOverflowComponent = ({ rule, canDuplicateRuleWithActions, userHasPermissions, - isPrebuiltRulesCustomizationFeatureFlagEnabled, startTransaction, closePopover, showBulkDuplicateExceptionsConfirmation, diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/import_rules/route.test.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/import_rules/route.test.ts index ceda794308254..293392eca47fa 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/import_rules/route.test.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/import_rules/route.test.ts @@ -31,7 +31,6 @@ import { getQueryRuleParams } from '../../../../rule_schema/mocks'; import { importRulesRoute } from './route'; import { HttpAuthzError } from '../../../../../machine_learning/validation'; import { createPrebuiltRuleAssetsClient as createPrebuiltRuleAssetsClientMock } from '../../../../prebuilt_rules/logic/rule_assets/__mocks__/prebuilt_rule_assets_client'; -import { PrebuiltRulesCustomizationDisabledReason } from '../../../../../../../common/detection_engine/prebuilt_rules/prebuilt_rule_customization_status'; jest.mock('../../../../../machine_learning/authz'); @@ -41,7 +40,11 @@ jest.mock('../../../../prebuilt_rules/logic/rule_assets/prebuilt_rule_assets_cli createPrebuiltRuleAssetsClient: () => mockPrebuiltRuleAssetsClient, })); -describe('Import rules route', () => { +// Skipped in https://github.com/elastic/kibana/pull/212761 +// We have to find a way to use original detectionRulesClient.importRules() while mocking detectionRulesClient.importRule(). +// detectionRulesClient.importRules() uses detectionRulesClient.importRule() under the hood. +// Without proper mocking this test suite will test the mock. +describe.skip('Import rules route', () => { let config: ReturnType; let server: ReturnType; let request: ReturnType; @@ -58,10 +61,6 @@ describe('Import rules route', () => { clients.rulesClient.update.mockResolvedValue(getRuleMock(getQueryRuleParams())); clients.detectionRulesClient.createCustomRule.mockResolvedValue(getRulesSchemaMock()); clients.detectionRulesClient.importRule.mockResolvedValue(getRulesSchemaMock()); - clients.detectionRulesClient.getRuleCustomizationStatus.mockReturnValue({ - isRulesCustomizationEnabled: false, - customizationDisabledReason: PrebuiltRulesCustomizationDisabledReason.FeatureFlag, - }); clients.actionsClient.getAll.mockResolvedValue([]); context.core.elasticsearch.client.asCurrentUser.search.mockResolvedValue( elasticsearchClientMock.createSuccessTransportRequestPromise(getBasicEmptySearchResponse()) diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/import_rules/route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/import_rules/route.ts index e71d891d409b2..a8233915951b1 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/import_rules/route.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/import_rules/route.ts @@ -18,7 +18,6 @@ import { import { DETECTION_ENGINE_RULES_IMPORT_URL } from '../../../../../../../common/constants'; import type { ConfigType } from '../../../../../../config'; import type { HapiReadableStream, SecuritySolutionPluginRouter } from '../../../../../../types'; -import type { ImportRuleResponse } from '../../../../routes/utils'; import { buildSiemResponse, createBulkErrorObject, @@ -29,8 +28,7 @@ import { createPrebuiltRuleAssetsClient } from '../../../../prebuilt_rules/logic import { importRuleActionConnectors } from '../../../logic/import/action_connectors/import_rule_action_connectors'; import { createRuleSourceImporter } from '../../../logic/import/rule_source_importer'; import { importRules } from '../../../logic/import/import_rules'; -// eslint-disable-next-line no-restricted-imports -import { importRulesLegacy } from '../../../logic/import/import_rules_legacy'; + import { createPromiseFromRuleImportStream } from '../../../logic/import/create_promise_from_rule_import_stream'; import { importRuleExceptions } from '../../../logic/import/import_rule_exceptions'; import { isRuleToImport } from '../../../logic/import/utils'; @@ -39,7 +37,6 @@ import { migrateLegacyActionsIds, } from '../../../utils/utils'; import { RULE_MANAGEMENT_IMPORT_EXPORT_SOCKET_TIMEOUT_MS } from '../../timeouts'; -import { PrebuiltRulesCustomizationDisabledReason } from '../../../../../../../common/detection_engine/prebuilt_rules/prebuilt_rule_customization_status'; import { createPrebuiltRuleObjectsClient } from '../../../../prebuilt_rules/logic/rule_objects/prebuilt_rule_objects_client'; const CHUNK_PARSED_OBJECT_SIZE = 50; @@ -89,7 +86,6 @@ export const importRulesRoute = (router: SecuritySolutionPluginRouter, config: C const rulesClient = await ctx.alerting.getRulesClient(); const detectionRulesClient = ctx.securitySolution.getDetectionRulesClient(); - const ruleCustomizationStatus = detectionRulesClient.getRuleCustomizationStatus(); const actionsClient = ctx.actions.getActionsClient(); const actionSOClient = ctx.core.savedObjects.getClient({ includedHiddenTypes: ['action'], @@ -168,28 +164,13 @@ export const importRulesRoute = (router: SecuritySolutionPluginRouter, config: C const [parsedRules, parsedRuleErrors] = partition(isRuleToImport, parsedRuleStream); const ruleChunks = chunk(CHUNK_PARSED_OBJECT_SIZE, parsedRules); - let importRuleResponse: ImportRuleResponse[] = []; - - if ( - ruleCustomizationStatus.customizationDisabledReason === - PrebuiltRulesCustomizationDisabledReason.FeatureFlag - ) { - importRuleResponse = await importRulesLegacy({ - ruleChunks, - overwriteRules: request.query.overwrite, - allowMissingConnectorSecrets: !!actionConnectors.length, - detectionRulesClient, - savedObjectsClient, - }); - } else { - importRuleResponse = await importRules({ - ruleChunks, - overwriteRules: request.query.overwrite, - allowMissingConnectorSecrets: !!actionConnectors.length, - ruleSourceImporter, - detectionRulesClient, - }); - } + const importRuleResponse = await importRules({ + ruleChunks, + overwriteRules: request.query.overwrite, + allowMissingConnectorSecrets: !!actionConnectors.length, + ruleSourceImporter, + detectionRulesClient, + }); const parseErrors = parsedRuleErrors.map((error) => createBulkErrorObject({ diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/bulk_actions/bulk_edit_rules.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/bulk_actions/bulk_edit_rules.ts index 4a440c4b211c2..10c6212ea91f0 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/bulk_actions/bulk_edit_rules.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/bulk_actions/bulk_edit_rules.ts @@ -96,7 +96,6 @@ export const bulkEditRules = async ({ baseRule: baseVersionsMap.get(nextRule.rule_id), currentRule: convertAlertingRuleToRuleResponse(currentRule), nextRule, - ruleCustomizationStatus, }); } diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/bulk_actions/validations.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/bulk_actions/validations.ts index caec786fb2ab6..0d6178196aea9 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/bulk_actions/validations.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/bulk_actions/validations.ts @@ -15,7 +15,6 @@ import { BulkActionsDryRunErrCodeEnum, } from '../../../../../../common/api/detection_engine/rule_management'; import type { PrebuiltRulesCustomizationStatus } from '../../../../../../common/detection_engine/prebuilt_rules/prebuilt_rule_customization_status'; -import { PrebuiltRulesCustomizationDisabledReason } from '../../../../../../common/detection_engine/prebuilt_rules/prebuilt_rule_customization_status'; import { isEsqlRule } from '../../../../../../common/detection_engine/utils'; import { isMlRule } from '../../../../../../common/machine_learning/helpers'; import { invariant } from '../../../../../../common/utils/invariant'; @@ -108,10 +107,7 @@ export const validateBulkEditRule = async ({ if (!canRuleBeEdited) { await throwDryRunError( () => invariant(canRuleBeEdited, "Elastic rule can't be edited"), - ruleCustomizationStatus.customizationDisabledReason === - PrebuiltRulesCustomizationDisabledReason.FeatureFlag - ? BulkActionsDryRunErrCodeEnum.IMMUTABLE - : BulkActionsDryRunErrCodeEnum.PREBUILT_CUSTOMIZATION_LICENSE + BulkActionsDryRunErrCodeEnum.PREBUILT_CUSTOMIZATION_LICENSE ); } } diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/mergers/rule_source/calculate_is_customized.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/mergers/rule_source/calculate_is_customized.ts index e784c150e83ce..78c94fa250793 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/mergers/rule_source/calculate_is_customized.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/mergers/rule_source/calculate_is_customized.ts @@ -11,34 +11,19 @@ import type { PrebuiltRuleAsset } from '../../../../../prebuilt_rules'; import { calculateRuleFieldsDiff } from '../../../../../prebuilt_rules/logic/diff/calculation/calculate_rule_fields_diff'; import { convertRuleToDiffable } from '../../../../../../../../common/detection_engine/prebuilt_rules/diff/convert_rule_to_diffable'; import { convertPrebuiltRuleAssetToRuleResponse } from '../../converters/convert_prebuilt_rule_asset_to_rule_response'; -import { - PrebuiltRulesCustomizationDisabledReason, - type PrebuiltRulesCustomizationStatus, -} from '../../../../../../../../common/detection_engine/prebuilt_rules/prebuilt_rule_customization_status'; interface CalculateIsCustomizedArgs { baseRule: PrebuiltRuleAsset | undefined; nextRule: RuleResponse; // Current rule can be undefined in case of importing a prebuilt rule that is not installed currentRule: RuleResponse | undefined; - ruleCustomizationStatus: PrebuiltRulesCustomizationStatus; } export function calculateIsCustomized({ baseRule, nextRule, currentRule, - ruleCustomizationStatus, }: CalculateIsCustomizedArgs) { - if ( - ruleCustomizationStatus.customizationDisabledReason === - PrebuiltRulesCustomizationDisabledReason.FeatureFlag - ) { - // We don't want to accidentally mark rules as customized when customization - // is disabled. - return false; - } - if (baseRule) { // Base version is available, so we can determine the customization status // by comparing the base version with the next version diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/mergers/rule_source/calculate_rule_source.test.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/mergers/rule_source/calculate_rule_source.test.ts index b1b9ff306a68b..c2ba2164259f9 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/mergers/rule_source/calculate_rule_source.test.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/mergers/rule_source/calculate_rule_source.test.ts @@ -5,8 +5,6 @@ * 2.0. */ -import type { PrebuiltRulesCustomizationStatus } from '../../../../../../../../common/detection_engine/prebuilt_rules/prebuilt_rule_customization_status'; -import { PrebuiltRulesCustomizationDisabledReason } from '../../../../../../../../common/detection_engine/prebuilt_rules/prebuilt_rule_customization_status'; import { createPrebuiltRuleAssetsClient } from '../../../../../prebuilt_rules/logic/rule_assets/__mocks__/prebuilt_rule_assets_client'; import { applyRuleDefaults } from '../apply_rule_defaults'; import { calculateRuleSource } from './calculate_rule_source'; @@ -37,10 +35,6 @@ const getSampleRule = () => { }; }; -const ruleCustomizationStatus: PrebuiltRulesCustomizationStatus = { - isRulesCustomizationEnabled: true, -}; - describe('calculateRuleSource', () => { it('returns an internal rule source when the rule is not prebuilt', async () => { const rule = getSampleRule(); @@ -50,7 +44,6 @@ describe('calculateRuleSource', () => { prebuiltRuleAssetClient, nextRule: rule, currentRule: undefined, - ruleCustomizationStatus, }); expect(result).toEqual({ type: 'internal', @@ -68,7 +61,6 @@ describe('calculateRuleSource', () => { prebuiltRuleAssetClient, nextRule: rule, currentRule: rule, - ruleCustomizationStatus, }); expect(result).toEqual( expect.objectContaining({ @@ -90,7 +82,6 @@ describe('calculateRuleSource', () => { prebuiltRuleAssetClient, nextRule: rule, currentRule: rule, - ruleCustomizationStatus, }); expect(result).toEqual( expect.objectContaining({ @@ -114,32 +105,6 @@ describe('calculateRuleSource', () => { prebuiltRuleAssetClient, nextRule: rule, currentRule: rule, - ruleCustomizationStatus, - }); - expect(result).toEqual( - expect.objectContaining({ - type: 'external', - is_customized: false, - }) - ); - }); - - it('returns is_customized false when the rule is customized but customization feature flag is disabled', async () => { - const rule = getSampleRule(); - rule.immutable = true; - rule.name = 'Updated name'; - - const baseRule = getSampleRuleAsset(); - prebuiltRuleAssetClient.fetchAssetsByVersion.mockResolvedValueOnce([baseRule]); - - const result = await calculateRuleSource({ - prebuiltRuleAssetClient, - nextRule: rule, - currentRule: rule, - ruleCustomizationStatus: { - isRulesCustomizationEnabled: false, - customizationDisabledReason: PrebuiltRulesCustomizationDisabledReason.FeatureFlag, - }, }); expect(result).toEqual( expect.objectContaining({ @@ -149,31 +114,6 @@ describe('calculateRuleSource', () => { ); }); - it('returns is_customized true when the rule is customized and customization is disabled because of license', async () => { - const rule = getSampleRule(); - rule.immutable = true; - rule.name = 'Updated name'; - - const baseRule = getSampleRuleAsset(); - prebuiltRuleAssetClient.fetchAssetsByVersion.mockResolvedValueOnce([baseRule]); - - const result = await calculateRuleSource({ - prebuiltRuleAssetClient, - nextRule: rule, - currentRule: rule, - ruleCustomizationStatus: { - isRulesCustomizationEnabled: false, - customizationDisabledReason: PrebuiltRulesCustomizationDisabledReason.License, - }, - }); - expect(result).toEqual( - expect.objectContaining({ - type: 'external', - is_customized: true, - }) - ); - }); - describe('missing base versions', () => { it('return is_customized false when the base version and current version are missing', async () => { const rule = getSampleRule(); @@ -186,7 +126,6 @@ describe('calculateRuleSource', () => { prebuiltRuleAssetClient, nextRule: rule, currentRule: undefined, - ruleCustomizationStatus, }); expect(result).toEqual( expect.objectContaining({ @@ -211,7 +150,6 @@ describe('calculateRuleSource', () => { prebuiltRuleAssetClient, nextRule: rule, currentRule: rule, - ruleCustomizationStatus, }); expect(result).toEqual( expect.objectContaining({ @@ -236,7 +174,6 @@ describe('calculateRuleSource', () => { prebuiltRuleAssetClient, nextRule: rule, currentRule: rule, - ruleCustomizationStatus, }); expect(result).toEqual( expect.objectContaining({ @@ -266,7 +203,6 @@ describe('calculateRuleSource', () => { prebuiltRuleAssetClient, nextRule, currentRule: rule, - ruleCustomizationStatus, }); expect(result).toEqual( expect.objectContaining({ diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/mergers/rule_source/calculate_rule_source.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/mergers/rule_source/calculate_rule_source.ts index 3603a7aa7ff6c..3b1944ccfe185 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/mergers/rule_source/calculate_rule_source.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/mergers/rule_source/calculate_rule_source.ts @@ -9,7 +9,6 @@ import type { RuleResponse, RuleSource, } from '../../../../../../../../common/api/detection_engine/model/rule_schema'; -import type { PrebuiltRulesCustomizationStatus } from '../../../../../../../../common/detection_engine/prebuilt_rules/prebuilt_rule_customization_status'; import type { PrebuiltRuleAsset } from '../../../../../prebuilt_rules'; import type { IPrebuiltRuleAssetsClient } from '../../../../../prebuilt_rules/logic/rule_assets/prebuilt_rule_assets_client'; import { calculateIsCustomized } from './calculate_is_customized'; @@ -18,14 +17,12 @@ interface CalculateRuleSourceProps { prebuiltRuleAssetClient: IPrebuiltRuleAssetsClient; nextRule: RuleResponse; currentRule: RuleResponse | undefined; - ruleCustomizationStatus: PrebuiltRulesCustomizationStatus; } export async function calculateRuleSource({ prebuiltRuleAssetClient, nextRule, currentRule, - ruleCustomizationStatus, }: CalculateRuleSourceProps): Promise { if (nextRule.immutable) { // This is a prebuilt rule and, despite the name, they are not immutable. So @@ -42,7 +39,6 @@ export async function calculateRuleSource({ baseRule, nextRule, currentRule, - ruleCustomizationStatus, }); return { diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/export/get_export_by_object_ids.test.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/export/get_export_by_object_ids.test.ts index 5093393d6d657..f39402240d35a 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/export/get_export_by_object_ids.test.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/export/get_export_by_object_ids.test.ts @@ -87,12 +87,21 @@ describe('getExportByObjectIds', () => { expect(exports.actionConnectors).toBe(''); }); - test('it DOES NOT export immutable rules', async () => { + test('it exports prebuilt rules', async () => { const rulesClient = rulesClientMock.create(); - const immutableRule = getRuleMock(getQueryRuleParams({ ruleId: 'rule-1', immutable: true })); + const prebuiltRule = getRuleMock( + getQueryRuleParams({ + ruleId: 'rule-1', + immutable: true, + ruleSource: { + type: 'external', + isCustomized: false, + }, + }) + ); - rulesClient.get.mockResolvedValue(immutableRule); - rulesClient.find.mockResolvedValue(getFindResultWithMultiHits({ data: [immutableRule] })); + rulesClient.get.mockResolvedValue(prebuiltRule); + rulesClient.find.mockResolvedValue(getFindResultWithMultiHits({ data: [prebuiltRule] })); const ruleIds = ['rule-1']; const exports = await getExportByObjectIds( @@ -105,13 +114,13 @@ describe('getExportByObjectIds', () => { ); expect(JSON.parse(exports.exportDetails)).toMatchObject({ - exported_count: 0, - exported_rules_count: 0, - missing_rules: [{ rule_id: 'rule-1' }], - missing_rules_count: 1, + exported_count: 1, + exported_rules_count: 1, + missing_rules: [], + missing_rules_count: 0, }); expect(exports).toMatchObject({ - rulesNdjson: '', + rulesNdjson: expect.any(String), exceptionLists: '', actionConnectors: '', }); diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/import/calculate_rule_source_for_import.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/import/calculate_rule_source_for_import.ts index 440bad4f95325..7f77d749d05be 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/import/calculate_rule_source_for_import.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/import/calculate_rule_source_for_import.ts @@ -10,7 +10,6 @@ import type { RuleSource, ValidatedRuleToImport, } from '../../../../../../common/api/detection_engine'; -import type { PrebuiltRulesCustomizationStatus } from '../../../../../../common/detection_engine/prebuilt_rules/prebuilt_rule_customization_status'; import type { PrebuiltRuleAsset } from '../../../prebuilt_rules'; import { calculateIsCustomized } from '../detection_rules_client/mergers/rule_source/calculate_is_customized'; import { convertRuleToImportToRuleResponse } from './converters/convert_rule_to_import_to_rule_response'; @@ -31,13 +30,11 @@ export const calculateRuleSourceForImport = ({ currentRule, prebuiltRuleAssetsByRuleId, isKnownPrebuiltRule, - ruleCustomizationStatus, }: { importedRule: ValidatedRuleToImport; currentRule: RuleResponse | undefined; prebuiltRuleAssetsByRuleId: Record; isKnownPrebuiltRule: boolean; - ruleCustomizationStatus: PrebuiltRulesCustomizationStatus; }): { ruleSource: RuleSource; immutable: boolean } => { if (!isKnownPrebuiltRule) { return { @@ -57,7 +54,6 @@ export const calculateRuleSourceForImport = ({ baseRule, nextRule, currentRule, - ruleCustomizationStatus, }); return { diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/import/import_rules_legacy.test.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/import/import_rules_legacy.test.ts deleted file mode 100644 index 0d8fe8118471b..0000000000000 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/import/import_rules_legacy.test.ts +++ /dev/null @@ -1,110 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import type { SavedObjectsClientContract } from '@kbn/core/server'; -import { savedObjectsClientMock } from '@kbn/core/server/mocks'; -import { getImportRulesSchemaMock } from '../../../../../../common/api/detection_engine/rule_management/mocks'; -import { getRulesSchemaMock } from '../../../../../../common/api/detection_engine/model/rule_schema/rule_response_schema.mock'; -import { requestContextMock } from '../../../routes/__mocks__'; - -import { createRuleImportErrorObject } from './errors'; - -// eslint-disable-next-line no-restricted-imports -import { importRulesLegacy } from './import_rules_legacy'; - -describe('importRulesLegacy', () => { - const { clients, context } = requestContextMock.createTools(); - const ruleToImport = getImportRulesSchemaMock(); - - let savedObjectsClient: jest.Mocked; - - beforeEach(() => { - jest.clearAllMocks(); - - savedObjectsClient = savedObjectsClientMock.create(); - }); - - it('returns an empty rules response if no rules to import', async () => { - const result = await importRulesLegacy({ - ruleChunks: [], - overwriteRules: false, - detectionRulesClient: context.securitySolution.getDetectionRulesClient(), - savedObjectsClient, - }); - - expect(result).toEqual([]); - }); - - it('returns 409 error if DetectionRulesClient throws with 409 - existing rule', async () => { - clients.detectionRulesClient.importRule.mockImplementationOnce(async () => { - throw createRuleImportErrorObject({ - ruleId: ruleToImport.rule_id, - type: 'conflict', - message: `rule_id: "${ruleToImport.rule_id}" already exists`, - }); - }); - - const ruleChunk = [ruleToImport]; - const result = await importRulesLegacy({ - ruleChunks: [ruleChunk], - overwriteRules: false, - detectionRulesClient: context.securitySolution.getDetectionRulesClient(), - savedObjectsClient, - }); - - expect(result).toEqual([ - { - error: { - message: `rule_id: "${ruleToImport.rule_id}" already exists`, - status_code: 409, - }, - rule_id: ruleToImport.rule_id, - }, - ]); - }); - - it('creates rule if no matching existing rule found', async () => { - clients.detectionRulesClient.importRule.mockResolvedValue({ - ...getRulesSchemaMock(), - rule_id: ruleToImport.rule_id, - }); - - const ruleChunk = [ruleToImport]; - const result = await importRulesLegacy({ - ruleChunks: [ruleChunk], - overwriteRules: false, - detectionRulesClient: context.securitySolution.getDetectionRulesClient(), - savedObjectsClient, - }); - - expect(result).toEqual([{ rule_id: ruleToImport.rule_id, status_code: 200 }]); - }); - - it('rejects a prebuilt rule specifying an immutable value of true', async () => { - const prebuiltRuleToImport = { - ...getImportRulesSchemaMock(), - immutable: true, - version: 1, - }; - const result = await importRulesLegacy({ - ruleChunks: [[prebuiltRuleToImport]], - overwriteRules: false, - detectionRulesClient: context.securitySolution.getDetectionRulesClient(), - savedObjectsClient, - }); - - expect(result).toEqual([ - { - error: { - message: `Importing prebuilt rules is not supported. To import this rule as a custom rule, first duplicate the rule and then export it. [rule_id: ${prebuiltRuleToImport.rule_id}]`, - status_code: 400, - }, - rule_id: prebuiltRuleToImport.rule_id, - }, - ]); - }); -}); diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/import/import_rules_legacy.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/import/import_rules_legacy.ts deleted file mode 100644 index 384683ce1916e..0000000000000 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/logic/import/import_rules_legacy.ts +++ /dev/null @@ -1,139 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { i18n } from '@kbn/i18n'; -import type { SavedObjectsClientContract } from '@kbn/core/server'; - -import type { RuleToImport } from '../../../../../../common/api/detection_engine'; -import type { ImportRuleResponse } from '../../../routes/utils'; -import { createBulkErrorObject } from '../../../routes/utils'; -import { checkRuleExceptionReferences } from './check_rule_exception_references'; -import type { IDetectionRulesClient } from '../detection_rules_client/detection_rules_client_interface'; -import { getReferencedExceptionLists } from './gather_referenced_exceptions'; -import { isRuleConflictError, isRuleImportError } from './errors'; - -/** - * Takes rules to be imported and either creates or updates rules - * based on user overwrite preferences. - * - * @deprecated Use {@link importRules} instead. - * @param ruleChunks {@link RuleToImport} - rules being imported - * @param overwriteRules {boolean} - whether to overwrite existing rules - * with imported rules if their rule_id matches - * @param detectionRulesClient {object} - * @returns {Promise} an array of error and success messages from import - */ -export const importRulesLegacy = async ({ - ruleChunks, - overwriteRules, - detectionRulesClient, - allowMissingConnectorSecrets, - savedObjectsClient, -}: { - ruleChunks: RuleToImport[][]; - overwriteRules: boolean; - detectionRulesClient: IDetectionRulesClient; - allowMissingConnectorSecrets?: boolean; - savedObjectsClient: SavedObjectsClientContract; -}): Promise => { - const response: ImportRuleResponse[] = []; - - if (ruleChunks.length === 0) { - return response; - } - - while (ruleChunks.length) { - const batchParseObjects = ruleChunks.shift() ?? []; - const existingLists = await getReferencedExceptionLists({ - rules: batchParseObjects, - savedObjectsClient, - }); - const newImportRuleResponse = await Promise.all( - batchParseObjects.reduce>>((accum, parsedRule) => { - const importsWorkerPromise = new Promise(async (resolve, reject) => { - try { - if (parsedRule.immutable) { - resolve( - createBulkErrorObject({ - statusCode: 400, - message: i18n.translate( - 'xpack.securitySolution.detectionEngine.rules.importPrebuiltRulesUnsupported', - { - defaultMessage: - 'Importing prebuilt rules is not supported. To import this rule as a custom rule, first duplicate the rule and then export it. [rule_id: {ruleId}]', - values: { ruleId: parsedRule.rule_id }, - } - ), - ruleId: parsedRule.rule_id, - }) - ); - - return null; - } - - try { - const [exceptionErrors, exceptions] = checkRuleExceptionReferences({ - rule: parsedRule, - existingLists, - }); - - const exceptionBulkErrors = exceptionErrors.map((error) => - createBulkErrorObject({ - ruleId: error.error.ruleId, - statusCode: 400, - message: error.error.message, - }) - ); - - response.push(...exceptionBulkErrors); - - const importedRule = await detectionRulesClient.importRule({ - ruleToImport: { - ...parsedRule, - exceptions_list: [...exceptions], - }, - overwriteRules, - allowMissingConnectorSecrets, - }); - - resolve({ - rule_id: importedRule.rule_id, - status_code: 200, - }); - } catch (err) { - const { error, statusCode, message } = err; - if (isRuleImportError(err)) { - resolve( - createBulkErrorObject({ - message: err.error.message, - statusCode: isRuleConflictError(err) ? 409 : 400, - ruleId: err.error.ruleId, - }) - ); - return null; - } - - resolve( - createBulkErrorObject({ - ruleId: parsedRule.rule_id, - statusCode: statusCode ?? error?.status_code ?? 400, - message: message ?? error?.message ?? 'unknown error', - }) - ); - } - } catch (error) { - reject(error); - } - }); - return [...accum, importsWorkerPromise]; - }, []) - ); - response.push(...newImportRuleResponse); - } - - return response; -}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/ess_basic_license.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/ess_basic_license.config.ts index 0240ecf463b92..49bb40b06d39b 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/ess_basic_license.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/ess_basic_license.config.ts @@ -20,15 +20,6 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { 'Rules Management - Prebuilt Rule Customization Disabled Integration Tests - ESS Env Basic License', }, }; - testConfig.kbnTestServer.serverArgs = testConfig.kbnTestServer.serverArgs.map((arg: string) => { - // Override the default value of `--xpack.securitySolution.enableExperimental` to enable the prebuilt rules customization feature - if (arg.includes('--xpack.securitySolution.enableExperimental')) { - return `--xpack.securitySolution.enableExperimental=${JSON.stringify([ - 'prebuiltRulesCustomizationEnabled', - ])}`; - } - return arg; - }); return testConfig; } diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/ess_trial_license.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/ess_trial_license.config.ts deleted file mode 100644 index f2d3d95ab73c6..0000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/ess_trial_license.config.ts +++ /dev/null @@ -1,25 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { FtrConfigProviderContext } from '@kbn/test'; - -export default async function ({ readConfigFile }: FtrConfigProviderContext) { - const functionalConfig = await readConfigFile( - require.resolve('../../../../../../../config/ess/config.base.trial') - ); - - const testConfig = { - ...functionalConfig.getAll(), - testFiles: [require.resolve('..')], - junit: { - reportName: - 'Rules Management - Prebuilt Rule Customization Disabled Integration Tests - ESS Env Trial License', - }, - }; - - return testConfig; -} diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/serverless_complete_tier.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/serverless_complete_tier.config.ts deleted file mode 100644 index 31ec88719d01c..0000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/serverless_complete_tier.config.ts +++ /dev/null @@ -1,17 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { createTestConfig } from '../../../../../../../config/serverless/config.base'; - -export default createTestConfig({ - testFiles: [require.resolve('..')], - junit: { - reportName: - 'Rules Management - Prebuilt Rule Customization Disabled Integration Tests - Serverless Env Complete Tier', - }, - kbnTestServerArgs: [], -}); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/serverless_essentials_tier.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/serverless_essentials_tier.config.ts index 65eb68d9be669..1983a1f5bdc5b 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/serverless_essentials_tier.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/serverless_essentials_tier.config.ts @@ -13,9 +13,4 @@ export default createTestConfig({ reportName: 'Rules Management - Prebuilt Rule Customization Disabled Integration Tests - Serverless Env Essentials Tier', }, - kbnTestServerArgs: [ - `--xpack.securitySolution.enableExperimental=${JSON.stringify([ - 'prebuiltRulesCustomizationEnabled', - ])}`, - ], }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/configs/ess.config.ts index ff46ebb70d7c8..a4b57fbb77ea9 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/configs/ess.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/configs/ess.config.ts @@ -20,15 +20,6 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { 'Rules Management - Prebuilt Rule Customization Enabled Integration Tests - ESS Env', }, }; - testConfig.kbnTestServer.serverArgs = testConfig.kbnTestServer.serverArgs.map((arg: string) => { - // Override the default value of `--xpack.securitySolution.enableExperimental` to enable the prebuilt rules customization feature - if (arg.includes('--xpack.securitySolution.enableExperimental')) { - return `--xpack.securitySolution.enableExperimental=${JSON.stringify([ - 'prebuiltRulesCustomizationEnabled', - ])}`; - } - return arg; - }); return testConfig; } diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/configs/serverless.config.ts index 8c1d777665667..e9d65f209eb70 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/configs/serverless.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/configs/serverless.config.ts @@ -13,9 +13,4 @@ export default createTestConfig({ reportName: 'Rules Management - Prebuilt Rule Customization Enabled Integration Tests - Serverless Env', }, - kbnTestServerArgs: [ - `--xpack.securitySolution.enableExperimental=${JSON.stringify([ - 'prebuiltRulesCustomizationEnabled', - ])}`, - ], }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/configs/ess.config.ts index 944699b362cfe..3ebc09e11f2fb 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/configs/ess.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/configs/ess.config.ts @@ -20,15 +20,6 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { 'Rules Management - Prebuilt Rule Customization Enabled Per Field Integration Tests - ESS Env', }, }; - testConfig.kbnTestServer.serverArgs = testConfig.kbnTestServer.serverArgs.map((arg: string) => { - // Override the default value of `--xpack.securitySolution.enableExperimental` to enable the prebuilt rules customization feature - if (arg.includes('--xpack.securitySolution.enableExperimental')) { - return `--xpack.securitySolution.enableExperimental=${JSON.stringify([ - 'prebuiltRulesCustomizationEnabled', - ])}`; - } - return arg; - }); return testConfig; } diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/configs/serverless.config.ts index 5fb299b71e58d..691330c33c12a 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/configs/serverless.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/configs/serverless.config.ts @@ -13,9 +13,4 @@ export default createTestConfig({ reportName: 'Rules Management - Prebuilt Rule Customization Enabled Per Field Integration Tests - Serverless Env', }, - kbnTestServerArgs: [ - `--xpack.securitySolution.enableExperimental=${JSON.stringify([ - 'prebuiltRulesCustomizationEnabled', - ])}`, - ], }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/configs/ess.config.ts index 944699b362cfe..3ebc09e11f2fb 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/configs/ess.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/configs/ess.config.ts @@ -20,15 +20,6 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { 'Rules Management - Prebuilt Rule Customization Enabled Per Field Integration Tests - ESS Env', }, }; - testConfig.kbnTestServer.serverArgs = testConfig.kbnTestServer.serverArgs.map((arg: string) => { - // Override the default value of `--xpack.securitySolution.enableExperimental` to enable the prebuilt rules customization feature - if (arg.includes('--xpack.securitySolution.enableExperimental')) { - return `--xpack.securitySolution.enableExperimental=${JSON.stringify([ - 'prebuiltRulesCustomizationEnabled', - ])}`; - } - return arg; - }); return testConfig; } diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/configs/serverless.config.ts index 5fb299b71e58d..691330c33c12a 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/configs/serverless.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/configs/serverless.config.ts @@ -13,9 +13,4 @@ export default createTestConfig({ reportName: 'Rules Management - Prebuilt Rule Customization Enabled Per Field Integration Tests - Serverless Env', }, - kbnTestServerArgs: [ - `--xpack.securitySolution.enableExperimental=${JSON.stringify([ - 'prebuiltRulesCustomizationEnabled', - ])}`, - ], }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action.ts index e0fd809651d0e..904ae2aab9a30 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action.ts @@ -1525,7 +1525,7 @@ export default ({ getService }: FtrProviderContext): void => { }, ]; cases.forEach(({ type, value }) => { - it(`should return error when trying to apply "${type}" edit action to prebuilt rule`, async () => { + it(`should NOT return error when trying to apply "${type}" edit action to prebuilt rule`, async () => { await installMockPrebuiltRules(supertest, es); const prebuiltRule = await fetchPrebuiltRule(); @@ -1540,23 +1540,11 @@ export default ({ getService }: FtrProviderContext): void => { }, ], }) - .expect(500); + .expect(200); - expect(body.attributes.summary).toEqual({ - failed: 1, - skipped: 0, - succeeded: 0, - total: 1, - }); - expect(body.attributes.errors[0]).toEqual({ - message: "Elastic rule can't be edited", - status_code: 500, - rules: [ - { - id: prebuiltRule.id, - name: prebuiltRule.name, - }, - ], + expect(body).toMatchObject({ + success: true, + rules_count: 1, }); }); }); @@ -2071,63 +2059,6 @@ export default ({ getService }: FtrProviderContext): void => { expect(prebuiltRule.version).toBe(readRule.version); }); }); - - // if rule action is applied together with another edit action, that can't be applied to prebuilt rule (for example: tags action) - // bulk edit request should return error - it(`should return error if one of edit action is not eligible for prebuilt rule`, async () => { - await installMockPrebuiltRules(supertest, es); - const prebuiltRule = await fetchPrebuiltRule(); - const webHookConnector = await createWebHookConnector(); - - const { body } = await postBulkAction() - .send({ - ids: [prebuiltRule.id], - action: BulkActionTypeEnum.edit, - [BulkActionTypeEnum.edit]: [ - { - type: BulkActionEditTypeEnum.set_rule_actions, - value: { - throttle: '1h', - actions: [ - { - ...webHookActionMock, - id: webHookConnector.id, - }, - ], - }, - }, - { - type: BulkActionEditTypeEnum.set_tags, - value: ['tag-1'], - }, - ], - }) - .expect(500); - - expect(body.attributes.summary).toEqual({ - failed: 1, - skipped: 0, - succeeded: 0, - total: 1, - }); - expect(body.attributes.errors[0]).toEqual({ - message: "Elastic rule can't be edited", - status_code: 500, - rules: [ - { - id: prebuiltRule.id, - name: prebuiltRule.name, - }, - ], - }); - - // Check that the updates were not made - const { body: readRule } = await fetchRule(prebuiltRule.rule_id).expect(200); - - expect(readRule.actions).toEqual(prebuiltRule.actions); - expect(readRule.tags).toEqual(prebuiltRule.tags); - expect(readRule.version).toBe(prebuiltRule.version); - }); }); describe('throttle', () => { diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action_dry_run.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action_dry_run.ts index 3a82c28dc944b..ed1ef1d4ee071 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action_dry_run.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action_dry_run.ts @@ -201,47 +201,29 @@ export default ({ getService }: FtrProviderContext): void => { expect(ruleBody.tags).toEqual(tags); }); - it('should validate immutable rule edit', async () => { + it('should allow prebuilt rules edit', async () => { await installMockPrebuiltRules(supertest, es); const { body: findBody } = await securitySolutionApi .findRules({ query: { per_page: 1, filter: 'alert.attributes.params.immutable: true' } }) .expect(200); - const immutableRule = findBody.data[0]; + const prebuiltRule = findBody.data[0]; const { body } = await securitySolutionApi .performRulesBulkAction({ query: { dry_run: true }, body: { - ids: [immutableRule.id], + ids: [prebuiltRule.id], action: BulkActionTypeEnum.edit, [BulkActionTypeEnum.edit]: [ { type: BulkActionEditTypeEnum.set_tags, value: ['reset-tag'] }, ], }, }) - .expect(500); - - expect(body.attributes.summary).toEqual({ failed: 1, skipped: 0, succeeded: 0, total: 1 }); - expect(body.attributes.results).toEqual({ - updated: [], - skipped: [], - created: [], - deleted: [], - }); + .expect(200); - expect(body.attributes.errors).toHaveLength(1); - expect(body.attributes.errors[0]).toEqual({ - err_code: 'IMMUTABLE', - message: "Elastic rule can't be edited", - status_code: 500, - rules: [ - { - id: immutableRule.id, - name: immutableRule.name, - }, - ], - }); + expect(body).toMatchObject({ success: true }); + expect(body.attributes.summary).toMatchObject({ succeeded: 1, total: 1 }); }); describe('validate updating index pattern for machine learning rule', () => { diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts index 780ea70647a1a..e72ae9a45ecb4 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts @@ -21,15 +21,5 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { }, }; - testConfig.kbnTestServer.serverArgs = testConfig.kbnTestServer.serverArgs.map((arg: string) => { - // Override the default value of `--xpack.securitySolution.enableExperimental` to enable the prebuilt rules customization feature - if (arg.includes('--xpack.securitySolution.enableExperimental')) { - return `--xpack.securitySolution.enableExperimental=${JSON.stringify([ - 'prebuiltRulesCustomizationEnabled', - ])}`; - } - return arg; - }); - return testConfig; } diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts index 730ccf0269a9c..ac783accd0b12 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts @@ -13,9 +13,4 @@ export default createTestConfig({ reportName: 'Rules Management - Prebuilt Rule Export Integration Tests - Customization enabled - Serverless Env', }, - kbnTestServerArgs: [ - `--xpack.securitySolution.enableExperimental=${JSON.stringify([ - 'prebuiltRulesCustomizationEnabled', - ])}`, - ], }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/ess_basic_license.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/ess_basic_license.config.ts index 0acf5f559a070..679ecd0115bc5 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/ess_basic_license.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/ess_basic_license.config.ts @@ -21,15 +21,5 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { }, }; - testConfig.kbnTestServer.serverArgs = testConfig.kbnTestServer.serverArgs.map((arg: string) => { - // Override the default value of `--xpack.securitySolution.enableExperimental` to enable the prebuilt rules customization feature - if (arg.includes('--xpack.securitySolution.enableExperimental')) { - return `--xpack.securitySolution.enableExperimental=${JSON.stringify([ - 'prebuiltRulesCustomizationEnabled', - ])}`; - } - return arg; - }); - return testConfig; } diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/serverless_essentials_tier.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/serverless_essentials_tier.config.ts index c9dd717d27aa9..95c445afdc7fc 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/serverless_essentials_tier.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/serverless_essentials_tier.config.ts @@ -13,9 +13,4 @@ export default createTestConfig({ reportName: 'Rules Management - Rule Import Integration Tests - Importing customized prebuilt rules - Customization enabled - Serverless Env', }, - kbnTestServerArgs: [ - `--xpack.securitySolution.enableExperimental=${JSON.stringify([ - 'prebuiltRulesCustomizationEnabled', - ])}`, - ], }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/ess_enterprise_license.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/ess_enterprise_license.config.ts index 762a2dc673c1f..c037f95548a56 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/ess_enterprise_license.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/ess_enterprise_license.config.ts @@ -21,15 +21,5 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { }, }; - testConfig.kbnTestServer.serverArgs = testConfig.kbnTestServer.serverArgs.map((arg: string) => { - // Override the default value of `--xpack.securitySolution.enableExperimental` to enable the prebuilt rules customization feature - if (arg.includes('--xpack.securitySolution.enableExperimental')) { - return `--xpack.securitySolution.enableExperimental=${JSON.stringify([ - 'prebuiltRulesCustomizationEnabled', - ])}`; - } - return arg; - }); - return testConfig; } diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/serverless_complete_tier.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/serverless_complete_tier.config.ts index a14e096f3af3f..46738a39c1ff1 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/serverless_complete_tier.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/serverless_complete_tier.config.ts @@ -13,9 +13,4 @@ export default createTestConfig({ reportName: 'Rules Management - Rule Import Integration Tests - Importing customized prebuilt rules - Customization disabled - Serverless Env', }, - kbnTestServerArgs: [ - `--xpack.securitySolution.enableExperimental=${JSON.stringify([ - 'prebuiltRulesCustomizationEnabled', - ])}`, - ], }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts index e5013e2fd46c9..c8582fc7c20da 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts @@ -21,15 +21,5 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { }, }; - testConfig.kbnTestServer.serverArgs = testConfig.kbnTestServer.serverArgs.map((arg: string) => { - // Override the default value of `--xpack.securitySolution.enableExperimental` to enable the prebuilt rules customization feature - if (arg.includes('--xpack.securitySolution.enableExperimental')) { - return `--xpack.securitySolution.enableExperimental=${JSON.stringify([ - 'prebuiltRulesCustomizationEnabled', - ])}`; - } - return arg; - }); - return testConfig; } diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts index 24f23cb56fe06..8648e1b49387f 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts @@ -13,9 +13,4 @@ export default createTestConfig({ reportName: 'Rules Management - Rule Import Integration Tests - Importing non-customized prebuilt rules - Serverless Env', }, - kbnTestServerArgs: [ - `--xpack.securitySolution.enableExperimental=${JSON.stringify([ - 'prebuiltRulesCustomizationEnabled', - ])}`, - ], }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/import_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/import_rules.ts index b9ed8c3e0ac38..ce5ccc91d8364 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/import_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/import_rules.ts @@ -1625,7 +1625,27 @@ export default ({ getService }: FtrProviderContext): void => { describe('supporting prebuilt rule customization', () => { describe('compatibility with prebuilt rule fields', () => { - it('imports custom rules alongside prebuilt rules when feature flag is disabled', async () => { + it('accepts rules with "immutable: true"', async () => { + const rule = getCustomQueryRuleParams({ + rule_id: 'rule-immutable', + // @ts-expect-error the API supports this param, but we only need it in {@link RuleToImport} + immutable: true, + }); + const ndjson = combineToNdJson(rule); + + const { body } = await supertest + .post(DETECTION_ENGINE_RULES_IMPORT_URL) + .set('kbn-xsrf', 'true') + .set('elastic-api-version', '2023-10-31') + .attach('file', Buffer.from(ndjson), 'rules.ndjson') + .expect(200); + + expect(body).toMatchObject({ + success: true, + }); + }); + + it('imports custom rules alongside prebuilt rules', async () => { const ndjson = combineToNdJson( getCustomQueryRuleParams({ rule_id: 'rule-immutable', @@ -1644,18 +1664,8 @@ export default ({ getService }: FtrProviderContext): void => { .expect(200); expect(body).toMatchObject({ - success: false, - success_count: 1, - errors: [ - { - rule_id: 'rule-immutable', - error: { - status_code: 400, - message: - 'Importing prebuilt rules is not supported. To import this rule as a custom rule, first duplicate the rule and then export it. [rule_id: rule-immutable]', - }, - }, - ], + success: true, + success_count: 2, }); }); diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/prebuilt_rules/export_prebuilt_rule.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/prebuilt_rules/export_prebuilt_rule.cy.ts index 609ad1943f870..fef399f4259d5 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/prebuilt_rules/export_prebuilt_rule.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/prebuilt_rules/export_prebuilt_rule.cy.ts @@ -36,15 +36,6 @@ describe( 'Detection rules, Prebuilt Rules Export workflow - With Rule Customization', { tags: ['@ess', '@serverless', '@skipInServerlessMKI'], - env: { - ftrConfig: { - kbnServerArgs: [ - `--xpack.securitySolution.enableExperimental=${JSON.stringify([ - 'prebuiltRulesCustomizationEnabled', - ])}`, - ], - }, - }, }, () => { describe('Rule export workflow with single rules', () => { diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/prebuilt_rules/import_prebuilt_rule.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/prebuilt_rules/import_prebuilt_rule.cy.ts index 2c3688a9d4683..b129c7d8ae73b 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/prebuilt_rules/import_prebuilt_rule.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/prebuilt_rules/import_prebuilt_rule.cy.ts @@ -25,15 +25,6 @@ describe( 'Detection rules, Prebuilt Rules Import workflow - With Rule Customization', { tags: ['@ess', '@serverless', '@skipInServerlessMKI'], - env: { - ftrConfig: { - kbnServerArgs: [ - `--xpack.securitySolution.enableExperimental=${JSON.stringify([ - 'prebuiltRulesCustomizationEnabled', - ])}`, - ], - }, - }, }, () => { describe('when file is unmodified prebuilt rule with matching rule_id', () => { diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/prebuilt_rules/prebuilt_rules_preview.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/prebuilt_rules/prebuilt_rules_preview.cy.ts index 3ff737c2999c9..f4788dfb46063 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/prebuilt_rules/prebuilt_rules_preview.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/prebuilt_rules/prebuilt_rules_preview.cy.ts @@ -66,6 +66,7 @@ import { visitRulesManagementTable } from '../../../../tasks/rules_management'; import { deleteAlertsAndRules, deleteDataView, + deletePrebuiltRulesAssets, postDataView, } from '../../../../tasks/api_calls/common'; import { enableRules, waitForRulesToFinishExecution } from '../../../../tasks/api_calls/rules'; @@ -379,6 +380,7 @@ describe( login(); resetRulesTableState(); + deletePrebuiltRulesAssets(); deleteAlertsAndRules(); visitRulesManagementTable(); @@ -1167,17 +1169,12 @@ describe( openRuleUpdatePreview(OUTDATED_RULE_1['security-rule'].name); assertSelectedPreviewTab(PREVIEW_TABS.UPDATES); // Should be open by default - cy.get(UPDATE_PREBUILT_RULE_PREVIEW).contains('Current rule').should('be.visible'); - cy.get(UPDATE_PREBUILT_RULE_PREVIEW).contains('Elastic update').should('be.visible'); - - cy.get(PER_FIELD_DIFF_WRAPPER).should('have.length', 2); + cy.get(PER_FIELD_DIFF_WRAPPER).should('have.length', 1); + cy.get(PER_FIELD_DIFF_WRAPPER).last().contains('Name').should('be.visible'); - /* Version should be the first field in the order */ - cy.get(PER_FIELD_DIFF_WRAPPER).first().contains('Version').should('be.visible'); - cy.get(PER_FIELD_DIFF_WRAPPER).first().contains('1').should('be.visible'); - cy.get(PER_FIELD_DIFF_WRAPPER).first().contains('2').should('be.visible'); + // expand Name field section + cy.get(PER_FIELD_DIFF_WRAPPER).last().contains('Name').click(); - cy.get(PER_FIELD_DIFF_WRAPPER).last().contains('Name').should('be.visible'); cy.get(PER_FIELD_DIFF_WRAPPER).last().contains('Outdated rule 1').should('be.visible'); cy.get(PER_FIELD_DIFF_WRAPPER).last().contains('Updated rule 1').should('be.visible'); }); diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/prebuilt_rules/rule_customization.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/prebuilt_rules/rule_customization.cy.ts index 55d67428fae8f..ff8dd8ffd12d6 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/prebuilt_rules/rule_customization.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/prebuilt_rules/rule_customization.cy.ts @@ -65,15 +65,6 @@ describe( 'Detection rules, Prebuilt Rules Customization workflow', { tags: ['@ess', '@serverless', '@skipInServerlessMKI'], - env: { - ftrConfig: { - kbnServerArgs: [ - `--xpack.securitySolution.enableExperimental=${JSON.stringify([ - 'prebuiltRulesCustomizationEnabled', - ])}`, - ], - }, - }, }, () => { diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/prebuilt_rules/update_workflow_customized_rules.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/prebuilt_rules/update_workflow_customized_rules.cy.ts index e011a983384fc..459944fb89c62 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/prebuilt_rules/update_workflow_customized_rules.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/prebuilt_rules/update_workflow_customized_rules.cy.ts @@ -45,15 +45,6 @@ describe( 'Detection rules, Prebuilt Rules Installation and Update workflow - With Rule Customization, Rule Updates Table', { tags: ['@ess', '@serverless', '@skipInServerlessMKI'], - env: { - ftrConfig: { - kbnServerArgs: [ - `--xpack.securitySolution.enableExperimental=${JSON.stringify([ - 'prebuiltRulesCustomizationEnabled', - ])}`, - ], - }, - }, }, () => { diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/related_integrations/related_integrations.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/related_integrations/related_integrations.cy.ts index 06e73f78ac2ad..c8cd5a0f83aef 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/related_integrations/related_integrations.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/related_integrations/related_integrations.cy.ts @@ -123,7 +123,7 @@ describe('Related integrations', { tags: ['@ess', '@serverless', '@skipInServerl it('should display a badge with the installed integrations', () => { cy.get(INTEGRATIONS_POPOVER).should( 'have.text', - `0/${EXPECTED_RELATED_INTEGRATIONS.length} integrations` + `0/${EXPECTED_RELATED_INTEGRATIONS.length}` ); }); @@ -199,7 +199,7 @@ describe('Related integrations', { tags: ['@ess', '@serverless', '@skipInServerl it('should display a badge with the installed integrations', () => { cy.get(INTEGRATIONS_POPOVER).should( 'have.text', - `2/${EXPECTED_RELATED_INTEGRATIONS.length} integrations` + `2/${EXPECTED_RELATED_INTEGRATIONS.length}` ); }); diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/rule_actions/bulk_actions/bulk_edit_rules.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/rule_actions/bulk_actions/bulk_edit_rules.cy.ts index dcc0cebc32ca3..19454bfbc9449 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/rule_actions/bulk_actions/bulk_edit_rules.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/rule_actions/bulk_actions/bulk_edit_rules.cy.ts @@ -5,10 +5,12 @@ * 2.0. */ -import { deleteAlertsAndRules } from '../../../../../tasks/api_calls/common'; +import { + deleteAlertsAndRules, + deletePrebuiltRulesAssets, +} from '../../../../../tasks/api_calls/common'; import { MODAL_CONFIRMATION_BTN, - MODAL_CONFIRMATION_BODY, RULES_TAGS_POPOVER_BTN, MODAL_ERROR_BODY, } from '../../../../../screens/alerts_detection_rules'; @@ -36,12 +38,10 @@ import { testAllTagsBadges, testTagsBadge, testMultipleSelectedRulesLabel, - filterByElasticRules, clickErrorToastBtn, cancelConfirmationModal, selectRulesByName, getRulesManagementTableRows, - selectAllRulesOnPage, getRuleRow, disableAutoRefresh, } from '../../../../../tasks/alerts_detection_rules'; @@ -51,17 +51,14 @@ import { waitForBulkEditActionToFinish, submitBulkEditForm, clickAddIndexPatternsMenuItem, - checkPrebuiltRulesCannotBeModified, checkMachineLearningRulesCannotBeModified, checkEsqlRulesCannotBeModified, - waitForMixedRulesBulkEditModal, openBulkEditAddTagsForm, openBulkEditDeleteTagsForm, typeTags, openTagsSelect, openBulkActionsMenu, clickApplyTimelineTemplatesMenuItem, - clickAddTagsMenuItem, checkOverwriteTagsCheckbox, checkOverwriteIndexPatternsCheckbox, openBulkEditAddIndexPatternsForm, @@ -107,7 +104,6 @@ import { import { createAndInstallMockedPrebuiltRules, - getAvailablePrebuiltRulesCount, preventPrebuiltRulesPackageInstallation, } from '../../../../../tasks/api_calls/prebuilt_rules'; import { setRowsPerPageTo, sortByTableColumn } from '../../../../../tasks/table_pagination'; @@ -135,10 +131,26 @@ describe( () => { beforeEach(() => { login(); - preventPrebuiltRulesPackageInstallation(); // Make sure prebuilt rules aren't pulled from Fleet API // Make sure persisted rules table state is cleared resetRulesTableState(); deleteAlertsAndRules(); + deletePrebuiltRulesAssets(); + + const PREBUILT_RULES = [ + createRuleAssetSavedObject({ + ...defaultRuleData, + name: 'Prebuilt rule 1', + rule_id: 'rule_1', + }), + createRuleAssetSavedObject({ + ...defaultRuleData, + name: 'Prebuilt rule 2', + rule_id: 'rule_2', + }), + ]; + + createAndInstallMockedPrebuiltRules(PREBUILT_RULES); + createRule(getNewRule({ name: RULE_NAME, ...defaultRuleData, rule_id: '1', enabled: false })); createRule( getEqlRule({ ...defaultRuleData, rule_id: '2', name: 'New EQL Rule', enabled: false }) @@ -146,7 +158,7 @@ describe( createRule( getMachineLearningRule({ name: 'New ML Rule Test', - tags: ['test-default-tag-1', 'test-default-tag-2'], + tags: prePopulatedTags, investigation_fields: { field_names: prePopulatedInvestigationFields }, enabled: false, }) @@ -181,17 +193,6 @@ describe( }); describe('Prerequisites', () => { - const PREBUILT_RULES = [ - createRuleAssetSavedObject({ - name: 'Prebuilt rule 1', - rule_id: 'rule_1', - }), - createRuleAssetSavedObject({ - name: 'Prebuilt rule 2', - rule_id: 'rule_2', - }), - ]; - it('No rules selected', () => { openBulkActionsMenu(); @@ -201,77 +202,6 @@ describe( cy.get(APPLY_TIMELINE_RULE_BULK_MENU_ITEM).should('be.disabled'); }); - // github.com/elastic/kibana/issues/179954 - it('Only prebuilt rules selected', { tags: ['@skipInServerlessMKI'] }, () => { - createAndInstallMockedPrebuiltRules(PREBUILT_RULES); - - // select Elastic(prebuilt) rules, check if we can't proceed further, as Elastic rules are not editable - filterByElasticRules(); - selectAllRulesOnPage(); - clickApplyTimelineTemplatesMenuItem(); - - getRulesManagementTableRows().then((rows) => { - // check modal window for Elastic rule that can't be edited - checkPrebuiltRulesCannotBeModified(rows.length); - - // the confirm button closes modal - cy.get(MODAL_CONFIRMATION_BTN).should('have.text', 'Close').click(); - cy.get(MODAL_CONFIRMATION_BODY).should('not.exist'); - }); - }); - - // https://github.com/elastic/kibana/issues/179955 - it( - 'Prebuilt and custom rules selected: user proceeds with custom rules editing', - { tags: ['@skipInServerlessMKI'] }, - () => { - getRulesManagementTableRows().then((existedRulesRows) => { - createAndInstallMockedPrebuiltRules(PREBUILT_RULES); - - // modal window should show how many rules can be edit, how many not - selectAllRules(); - clickAddTagsMenuItem(); - - waitForMixedRulesBulkEditModal(existedRulesRows.length); - - getAvailablePrebuiltRulesCount().then((availablePrebuiltRulesCount) => { - checkPrebuiltRulesCannotBeModified(availablePrebuiltRulesCount); - }); - - // user can proceed with custom rule editing - cy.get(MODAL_CONFIRMATION_BTN) - .should('have.text', `Edit ${existedRulesRows.length} rules`) - .click(); - - // action should finish - typeTags(['test-tag']); - submitBulkEditForm(); - waitForBulkEditActionToFinish({ updatedCount: existedRulesRows.length }); - }); - } - ); - - // https://github.com/elastic/kibana/issues/179956 - it( - 'Prebuilt and custom rules selected: user cancels action', - { tags: ['@skipInServerlessMKI'] }, - () => { - createAndInstallMockedPrebuiltRules(PREBUILT_RULES); - - getRulesManagementTableRows().then((rows) => { - // modal window should show how many rules can be edit, how many not - selectAllRules(); - clickAddTagsMenuItem(); - waitForMixedRulesBulkEditModal(rows.length); - - checkPrebuiltRulesCannotBeModified(PREBUILT_RULES.length); - - // user cancels action and modal disappears - cancelConfirmationModal(); - }); - } - ); - it('should not lose rules selection after edit action', () => { const rulesToUpdate = [RULE_NAME, 'New EQL Rule', 'New Terms Rule'] as const; // Switch to 5 rules per page, to have few pages in pagination(ideal way to test auto refresh and selection of few items) @@ -313,7 +243,7 @@ describe( }); }); - it('Add tags to custom rules', () => { + it('Add tags', () => { getRulesManagementTableRows().then((rows) => { const tagsToBeAdded = ['tag-to-add-1', 'tag-to-add-2']; const resultingTags = [...prePopulatedTags, ...tagsToBeAdded]; @@ -356,7 +286,7 @@ describe( }); }); - it('Overwrite tags in custom rules', () => { + it('Overwrite tags', () => { getRulesManagementTableRows().then((rows) => { const tagsToOverwrite = ['overwrite-tag-1']; @@ -386,7 +316,7 @@ describe( }); }); - it('Delete tags from custom rules', () => { + it('Delete tags from', () => { getRulesManagementTableRows().then((rows) => { const tagsToDelete = prePopulatedTags.slice(0, 1); const resultingTags = prePopulatedTags.slice(1); @@ -412,7 +342,7 @@ describe( }); describe('Index patterns', () => { - it('Index pattern action applied to custom rules, including machine learning: user proceeds with edit of custom non machine learning rule', () => { + it('Index pattern action applied, including machine learning: user proceeds with edit of non machine learning rule', () => { getRulesManagementTableRows().then((rows) => { const indexPattersToBeAdded = ['index-to-add-1-*', 'index-to-add-2-*']; const resultingIndexPatterns = [...prePopulatedIndexPatterns, ...indexPattersToBeAdded]; @@ -420,7 +350,7 @@ describe( selectAllRules(); clickAddIndexPatternsMenuItem(); - // confirm editing custom rules, that are not Machine Learning + // confirm editing all rules, that are not Machine Learning checkMachineLearningRulesCannotBeModified(expectedNumberOfMachineLearningRulesToBeEdited); cy.get(MODAL_CONFIRMATION_BTN).click(); @@ -437,18 +367,18 @@ describe( }); }); - it('Index pattern action applied to custom rules, including machine learning: user cancels action', () => { + it('Index pattern action applied to all rules, including machine learning: user cancels action', () => { selectAllRules(); clickAddIndexPatternsMenuItem(); - // confirm editing custom rules, that are not Machine Learning + // confirm editing all rules, that are not Machine Learning checkMachineLearningRulesCannotBeModified(expectedNumberOfMachineLearningRulesToBeEdited); // user cancels action and modal disappears cancelConfirmationModal(); }); - it('Add index patterns to custom rules', () => { + it('Add index patterns', () => { getRulesManagementTableRows().then((rows) => { const indexPattersToBeAdded = ['index-to-add-1-*', 'index-to-add-2-*']; const resultingIndexPatterns = [...prePopulatedIndexPatterns, ...indexPattersToBeAdded]; @@ -460,6 +390,8 @@ describe( 'Threat Indicator Rule Test', 'Threshold Rule', 'New Terms Rule', + 'Prebuilt rule 1', + 'Prebuilt rule 2', ]); openBulkEditAddIndexPatternsForm(); @@ -487,6 +419,8 @@ describe( 'Threat Indicator Rule Test', 'Threshold Rule', 'New Terms Rule', + 'Prebuilt rule 1', + 'Prebuilt rule 2', ]); openBulkEditAddIndexPatternsForm(); @@ -499,13 +433,15 @@ describe( }); }); - it('Overwrite index patterns in custom rules', () => { + it('Overwrite index patterns', () => { const rulesToSelect = [ RULE_NAME, 'New EQL Rule', 'Threat Indicator Rule Test', 'Threshold Rule', 'New Terms Rule', + 'Prebuilt rule 1', + 'Prebuilt rule 2', ] as const; const indexPattersToWrite = ['index-to-write-1-*', 'index-to-write-2-*']; @@ -531,13 +467,15 @@ describe( hasIndexPatterns(indexPattersToWrite.join('')); }); - it('Delete index patterns from custom rules', () => { + it('Delete index patterns', () => { const rulesToSelect = [ RULE_NAME, 'New EQL Rule', 'Threat Indicator Rule Test', 'Threshold Rule', 'New Terms Rule', + 'Prebuilt rule 1', + 'Prebuilt rule 2', ] as const; const indexPatternsToDelete = prePopulatedIndexPatterns.slice(0, 1); const resultingIndexPatterns = prePopulatedIndexPatterns.slice(1); @@ -556,13 +494,15 @@ describe( hasIndexPatterns(resultingIndexPatterns.join('')); }); - it('Delete all index patterns from custom rules', () => { + it('Delete all index patterns', () => { const rulesToSelect = [ RULE_NAME, 'New EQL Rule', 'Threat Indicator Rule Test', 'Threshold Rule', 'New Terms Rule', + 'Prebuilt rule 1', + 'Prebuilt rule 2', ] as const; // select only rules that are not ML @@ -582,14 +522,14 @@ describe( }); describe('Investigation fields actions', () => { - it('Add investigation fields to custom rules', () => { + it('Add investigation fields', () => { getRulesManagementTableRows().then((rows) => { const fieldsToBeAdded = ['source.ip', 'destination.ip']; const resultingFields = [...prePopulatedInvestigationFields, ...fieldsToBeAdded]; selectAllRules(); - // open add custom highlighted fields form and add 2 new fields + // open add highlighted fields form and add 2 new fields openBulkEditAddInvestigationFieldsForm(); typeInvestigationFields(fieldsToBeAdded); submitBulkEditForm(); @@ -601,7 +541,7 @@ describe( }); }); - it('Overwrite investigation fields in custom rules', () => { + it('Overwrite investigation fields', () => { getRulesManagementTableRows().then((rows) => { const fieldsToOverwrite = ['source.ip']; @@ -626,7 +566,7 @@ describe( }); }); - it('Delete investigation fields from custom rules', () => { + it('Delete investigation fields', () => { getRulesManagementTableRows().then((rows) => { const fieldsToDelete = prePopulatedInvestigationFields.slice(0, 1); const resultingFields = prePopulatedInvestigationFields.slice(1); @@ -645,7 +585,7 @@ describe( }); }); - it('Delete all investigation fields from custom rules', () => { + it('Delete all investigation fields', () => { getRulesManagementTableRows().then((rows) => { selectAllRules(); @@ -666,7 +606,7 @@ describe( loadPrepackagedTimelineTemplates(); }); - it('Apply timeline template to custom rules', () => { + it('Apply timeline template', () => { getRulesManagementTableRows().then((rows) => { const timelineTemplateName = 'Generic Endpoint Timeline'; @@ -688,7 +628,7 @@ describe( }); }); - it('Reset timeline template to None for custom rules', () => { + it('Reset timeline template to None', () => { getRulesManagementTableRows().then((rows) => { const noneTimelineTemplate = 'None'; @@ -722,7 +662,7 @@ describe( }); }); - it('Updates schedule for custom rules', () => { + it('Updates schedule', () => { getRulesManagementTableRows().then((rows) => { selectAllRules(); clickUpdateScheduleMenuItem(); @@ -747,7 +687,7 @@ describe( }); }); - it('Validates invalid inputs when scheduling for custom rules', () => { + it('Validates invalid inputs when scheduling', () => { getRulesManagementTableRows().then((rows) => { selectAllRules(); clickUpdateScheduleMenuItem(); @@ -834,7 +774,7 @@ describe('Detection rules, bulk edit, ES|QL rule type', { tags: ['@ess'] }, () = selectAllRules(); clickAddIndexPatternsMenuItem(); - // confirm editing custom rules, that are not Machine Learning + // confirm editing all rules, that are not Machine Learning checkEsqlRulesCannotBeModified(1); // user cancels action and modal disappears diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/rule_actions/import_export/export_rule.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/rule_actions/import_export/export_rule.cy.ts index 7f313793866ad..d1d77bd3c7f86 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/rule_actions/import_export/export_rule.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/rule_actions/import_export/export_rule.cy.ts @@ -7,16 +7,13 @@ import path from 'path'; -import { deleteAlertsAndRules } from '../../../../../tasks/api_calls/common'; -import { expectedExportedRule, getNewRule } from '../../../../../objects/rule'; import { - TOASTER_BODY, - MODAL_CONFIRMATION_BODY, - MODAL_CONFIRMATION_BTN, - TOASTER, -} from '../../../../../screens/alerts_detection_rules'; + deleteAlertsAndRules, + deletePrebuiltRulesAssets, +} from '../../../../../tasks/api_calls/common'; +import { expectedExportedRule, getNewRule } from '../../../../../objects/rule'; +import { TOASTER_BODY, TOASTER } from '../../../../../screens/alerts_detection_rules'; import { - filterByElasticRules, selectAllRules, waitForRuleExecution, exportRule, @@ -33,7 +30,6 @@ import { createRule } from '../../../../../tasks/api_calls/rules'; import { resetRulesTableState } from '../../../../../tasks/common'; import { login } from '../../../../../tasks/login'; import { visit } from '../../../../../tasks/navigation'; - import { RULES_MANAGEMENT_URL } from '../../../../../urls/rules_management'; import { createAndInstallMockedPrebuiltRules, @@ -56,9 +52,12 @@ describe('Export rules', { tags: ['@ess', '@serverless', '@skipInServerlessMKI'] const downloadsFolder = Cypress.config('downloadsFolder'); beforeEach(() => { + preventPrebuiltRulesPackageInstallation(); + login(); // Make sure persisted rules table state is cleared resetRulesTableState(); + deletePrebuiltRulesAssets(); deleteAlertsAndRules(); // Rules get exported via _bulk_action endpoint cy.intercept('POST', '/api/detection_engine/rules/_bulk_action').as('bulk_action'); @@ -93,25 +92,8 @@ describe('Export rules', { tags: ['@ess', '@serverless', '@skipInServerlessMKI'] expectManagementTableRules(['Enabled rule to export']); }); - // https://github.com/elastic/kibana/issues/179959 - it( - 'shows a modal saying that no rules can be exported if all the selected rules are prebuilt', - { tags: ['@skipInServerlessMKI'] }, - function () { - createAndInstallMockedPrebuiltRules(prebuiltRules); - - filterByElasticRules(); - selectAllRules(); - bulkExportRules(); - - cy.get(MODAL_CONFIRMATION_BODY).contains( - `${prebuiltRules.length} prebuilt Elastic rules (exporting prebuilt rules is not supported)` - ); - } - ); - // https://github.com/elastic/kibana/issues/179960 - it('exports only custom rules', { tags: ['@skipInServerless'] }, function () { + it('exports all rules', { tags: ['@skipInServerless'] }, function () { const expectedNumberCustomRulesToBeExported = 1; createAndInstallMockedPrebuiltRules(prebuiltRules); @@ -119,23 +101,12 @@ describe('Export rules', { tags: ['@ess', '@serverless', '@skipInServerlessMKI'] selectAllRules(); bulkExportRules(); - getAvailablePrebuiltRulesCount().then((availablePrebuiltRulesCount) => { - cy.get(MODAL_CONFIRMATION_BODY).contains( - `${availablePrebuiltRulesCount} prebuilt Elastic rules (exporting prebuilt rules is not supported)` - ); - }); - - // proceed with exporting only custom rules - cy.get(MODAL_CONFIRMATION_BTN) - .should('have.text', `Export ${expectedNumberCustomRulesToBeExported} rule`) - .click(); - getAvailablePrebuiltRulesCount().then((availablePrebuiltRulesCount) => { const totalNumberOfRules = expectedNumberCustomRulesToBeExported + availablePrebuiltRulesCount; cy.get(TOASTER_BODY).should( 'contain', - `Successfully exported ${expectedNumberCustomRulesToBeExported} of ${totalNumberOfRules} rules. Prebuilt rules were excluded from the resulting file.` + `Successfully exported ${totalNumberOfRules} of ${totalNumberOfRules} rules.` ); }); }); @@ -166,18 +137,13 @@ describe('Export rules', { tags: ['@ess', '@serverless', '@skipInServerlessMKI'] // https://github.com/elastic/kibana/issues/180029 it('exports custom rules with exceptions', { tags: ['@skipInServerlessMKI'] }, function () { // one rule with exception, one without it - const expectedNumberCustomRulesToBeExported = 2; + const expectedNumberCustomRulesToBeExported = prebuiltRules.length + 2; // prebuilt rules + a custom rule + a rule with exceptions createAndInstallMockedPrebuiltRules(prebuiltRules); cy.reload(); selectAllRules(); bulkExportRules(); - // should display correct number of custom rules when one of them has exceptions - cy.get(MODAL_CONFIRMATION_BTN) - .should('have.text', `Export ${expectedNumberCustomRulesToBeExported} rules`) - .click(); - cy.get(TOASTER_BODY).should( 'contain', `Successfully exported ${expectedNumberCustomRulesToBeExported}` diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/rule_actions/import_export/import_rules.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/rule_actions/import_export/import_rules.cy.ts index 0cd0a0a687e4e..5dfe0fa7649e8 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/rule_actions/import_export/import_rules.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/rule_actions/import_export/import_rules.cy.ts @@ -11,19 +11,26 @@ import { importRules, importRulesWithOverwriteAll, } from '../../../../../tasks/alerts_detection_rules'; -import { deleteAlertsAndRules } from '../../../../../tasks/api_calls/common'; +import { + deleteAlertsAndRules, + deletePrebuiltRulesAssets, +} from '../../../../../tasks/api_calls/common'; import { deleteExceptionList } from '../../../../../tasks/api_calls/exceptions'; import { login } from '../../../../../tasks/login'; import { visit } from '../../../../../tasks/navigation'; - +import { preventPrebuiltRulesPackageInstallation } from '../../../../../tasks/api_calls/prebuilt_rules'; import { RULES_MANAGEMENT_URL } from '../../../../../urls/rules_management'; + const RULES_TO_IMPORT_FILENAME = 'cypress/fixtures/7_16_rules.ndjson'; const IMPORTED_EXCEPTION_ID = 'b8dfd17f-1e11-41b0-ae7e-9e7f8237de49'; describe('Import rules', { tags: ['@ess', '@serverless', '@skipInServerlessMKI'] }, () => { beforeEach(() => { + preventPrebuiltRulesPackageInstallation(); + login(); deleteAlertsAndRules(); + deletePrebuiltRulesAssets(); deleteExceptionList(IMPORTED_EXCEPTION_ID, 'single'); cy.intercept('POST', '/api/detection_engine/rules/_import*').as('import'); visit(RULES_MANAGEMENT_URL); diff --git a/x-pack/test/security_solution_cypress/cypress/tasks/rules_bulk_actions.ts b/x-pack/test/security_solution_cypress/cypress/tasks/rules_bulk_actions.ts index 501989f6c5b69..01c5bc391f91c 100644 --- a/x-pack/test/security_solution_cypress/cypress/tasks/rules_bulk_actions.ts +++ b/x-pack/test/security_solution_cypress/cypress/tasks/rules_bulk_actions.ts @@ -409,12 +409,6 @@ export const waitForBulkEditActionToFinish = ({ } }; -export const checkPrebuiltRulesCannotBeModified = (rulesCount: number) => { - cy.get(MODAL_CONFIRMATION_BODY).contains( - `${rulesCount} prebuilt Elastic rules (editing prebuilt rules is not supported)` - ); -}; - export const checkMachineLearningRulesCannotBeModified = (rulesCount: number) => { cy.get(MODAL_CONFIRMATION_BODY).contains( `${rulesCount} machine learning rule (these rules don't have index patterns)`