From 906554a980d0c80b441dfe07f0839bb0569ac55e Mon Sep 17 00:00:00 2001 From: Jonathan Buttner Date: Thu, 18 Jun 2020 18:31:20 -0400 Subject: [PATCH] Resolving conflicts --- .../apis/endpoint/alerts/index.ts | 176 ------------------ 1 file changed, 176 deletions(-) diff --git a/x-pack/test/api_integration/apis/endpoint/alerts/index.ts b/x-pack/test/api_integration/apis/endpoint/alerts/index.ts index ed287834761d8..45f6a1515d049 100644 --- a/x-pack/test/api_integration/apis/endpoint/alerts/index.ts +++ b/x-pack/test/api_integration/apis/endpoint/alerts/index.ts @@ -5,8 +5,6 @@ */ import expect from '@kbn/expect/expect.js'; import { FtrProviderContext } from '../../../ftr_provider_context'; -import { AlertData } from '../../../../../plugins/security_solution/common/endpoint_alerts/types'; -import { eventsIndexPattern } from '../../../../../plugins/security_solution/common/endpoint/constants'; import { deleteEventsStream, deleteMetadataStream, @@ -26,46 +24,8 @@ const numberOfAlertsInFixture = numberOfHosts * numberOfAlertsPerHost; */ const defaultPageSize = 10; -/** - * `NULLABLE_EVENT_FIELD` should be a field in the fixture that exists for some alerts, - * but not all. - * - * This allows us to test sorting and paging on mixed data that may or may not exist - * for each alert. - */ -const NULLABLE_EVENT_FIELD = 'process.parent.entity_id'; - -/** - * An Elasticsearch query to get the alert (or alerts) without `NULLABLE_EVENT_FIELD`. - */ -const ES_QUERY_MISSING = { - query: { - bool: { - must: [ - { - bool: { - must_not: { - exists: { - field: NULLABLE_EVENT_FIELD, - }, - }, - }, - }, - { - term: { - 'event.kind': { - value: 'alert', - }, - }, - }, - ], - }, - }, -}; - export default function ({ getService }: FtrProviderContext) { const supertest = getService('supertest'); - const es = getService('legacyEs'); const client = getService('es'); const nextPrevPrefixQuery = "query=(language:kuery,query:'')"; const nextPrevPrefixDateRange = "date_range=(from:'2018-01-10T00:00:00.000Z',to:now)"; @@ -74,8 +34,6 @@ export default function ({ getService }: FtrProviderContext) { const nextPrevPrefixPageSize = 'page_size=10'; const nextPrevPrefix = `${nextPrevPrefixQuery}&${nextPrevPrefixDateRange}&${nextPrevPrefixSort}&${nextPrevPrefixOrder}&${nextPrevPrefixPageSize}`; - let nullableEventId = ''; - describe('Endpoint alert API', () => { describe('when data is in elasticsearch', () => { before(async () => { @@ -89,12 +47,6 @@ export default function ({ getService }: FtrProviderContext) { 'events-endpoint-1', numberOfAlertsPerHost ); - - const res = await es.search({ - index: eventsIndexPattern, - body: ES_QUERY_MISSING, - }); - nullableEventId = res.hits.hits[0]._source.event.id; }); after(async () => { @@ -260,134 +212,6 @@ export default function ({ getService }: FtrProviderContext) { expect(emptyBody.alerts.length).to.eql(0); }); - it('alerts api should return data using `before` by custom sort parameter, descending', async () => { - const { body } = await supertest - .get( - `/api/endpoint/alerts?${nextPrevPrefixDateRange}&${nextPrevPrefixPageSize}&${nextPrevPrefixOrder}&sort=process.name&before=malware%20writer&before=4d7afd81-26ec-47c0-9741-ae16d331f73d` - ) - .set('kbn-xsrf', 'xxx') - .expect(200); - let valid: boolean = true; - (body.alerts as AlertData[]).forEach((alert) => { - if (alert.process?.name > 'malware writer') { - valid = false; - } - }); - expect(valid).to.eql(true); - }); - - it('alerts api should return data using `before` on undefined primary sort values by custom sort parameter, descending', async () => { - const { body } = await supertest - .get( - `/api/endpoint/alerts?${nextPrevPrefixDateRange}&${nextPrevPrefixPageSize}&order=desc&sort=${NULLABLE_EVENT_FIELD}&before=&before=${nullableEventId}&empty_string_is_undefined=true` - ) - .set('kbn-xsrf', 'xxx') - .expect(200); - - let lastSeen: string | undefined = 'zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz'; - let valid: boolean = true; - - for (const alert of body.alerts) { - const entityId = alert.process?.parent?.entity_id; - if (entityId === undefined && alert.event.id > nullableEventId) { - valid = false; - } - if (entityId !== undefined && lastSeen !== undefined && entityId > lastSeen) { - valid = false; - } else { - lastSeen = entityId; - } - } - - expect(valid).to.eql(true); - }); - - it('alerts api should return data using `before` on undefined primary sort values by custom sort parameter, ascending', async () => { - const { body } = await supertest - .get( - `/api/endpoint/alerts?${nextPrevPrefixDateRange}&page_size=25&order=asc&sort=${NULLABLE_EVENT_FIELD}&before=&before=${nullableEventId}&empty_string_is_undefined=true` - ) - .set('kbn-xsrf', 'xxx') - .expect(200); - - let lastSeen: string | undefined = '1'; - let valid: boolean = true; - - for (const alert of body.alerts) { - const entityId = alert.process?.parent?.entity_id; - if (entityId === undefined && alert.event.id < nullableEventId) { - valid = false; - } - if (entityId !== undefined && lastSeen !== undefined && entityId < lastSeen) { - valid = false; - } else { - lastSeen = entityId; - } - } - expect(valid).to.eql(true); - }); - - it('should return data using `after` by custom sort parameter, descending', async () => { - const { body } = await supertest - .get( - `/api/endpoint/alerts?${nextPrevPrefixDateRange}&${nextPrevPrefixPageSize}&${nextPrevPrefixOrder}&sort=process.pid&after=3&after=66008e21-2493-4b15-a937-939ea228064a` - ) - .set('kbn-xsrf', 'xxx') - .expect(200); - expect(body.alerts.length).to.eql(10); - expect(body.alerts[0].process.pid).to.eql(2); - }); - - it('alerts api should return data using `after` on undefined primary sort values by custom sort parameter, descending', async () => { - const { body } = await supertest - .get( - `/api/endpoint/alerts?${nextPrevPrefixDateRange}&${nextPrevPrefixPageSize}&sort=${NULLABLE_EVENT_FIELD}&order=desc&after=&after=${nullableEventId}&empty_string_is_undefined=true` - ) - .set('kbn-xsrf', 'xxx') - .expect(200); - - let lastSeen: string | undefined = 'zzzzzzzzzzzzzzzzzzzzzzzzzzz'; - let valid: boolean = true; - - for (const alert of body.alerts) { - const entityId = alert.process?.parent?.entity_id; - if (entityId === undefined && alert.event.id < nullableEventId) { - valid = false; - } - if (entityId !== undefined && lastSeen !== undefined && entityId > lastSeen) { - valid = false; - } else { - lastSeen = entityId; - } - } - expect(valid).to.eql(true); - }); - - it('alerts api should return data using `after` on undefined primary sort values by custom sort parameter, ascending', async () => { - const { body } = await supertest - .get( - `/api/endpoint/alerts?${nextPrevPrefixDateRange}&${nextPrevPrefixPageSize}&sort=${NULLABLE_EVENT_FIELD}&order=asc&after=&after=${nullableEventId}&empty_string_is_undefined=true` - ) - .set('kbn-xsrf', 'xxx') - .expect(200); - - let lastSeen: string | undefined = '1'; - let valid: boolean = true; - - for (const alert of body.alerts) { - const entityId = alert.process?.parent?.entity_id; - if (entityId === undefined && alert.event.id < nullableEventId) { - valid = false; - } - if (entityId !== undefined && lastSeen !== undefined && entityId < lastSeen) { - valid = false; - } else { - lastSeen = entityId; - } - } - expect(valid).to.eql(true); - }); - it('should filter results of alert data using rison-encoded filters', async () => { const { body: firstBody } = await supertest .get('/api/endpoint/alerts?page_index=0')