b5ae056ac4
* Adds helper to normalize legacy ML rule field to an array This will be used on read of rules, to normalize legacy rules while avoiding an explicit migration. * Fix our detection-specific ML search function Luckily this was just a translation layer to our anomaly call, and the underlying functions already accepted an array of strings. * WIP: Run rules against multiple ML Job IDs We don't yet support creation of rules with multiple job ids, either on the API or the UI, but when we do they will work. Note: the logic was previously to generate an error if the underlying job was not running, but to still query and generate alerts. Extending that logic to multiple jobs: if any are not running, we generate an error but continue querying and generating alerts. * WIP: updating ml rule schemas to support multiple job IDs * Simplify normalization method We don't care about null or empty string values here; those were holdovers from copying the logic of normalizeThreshold and don't apply to this situation. * Move normalized types to separate file to fix circular dependency Our use of NonEmptyArray within common/schemas seemed to be causing the above; this fixes it for now. * Normalize ML job_ids param at the API layer Previous changes to the base types already covered the majority of routes; this updates the miscellaneous helpers that don't leverage those shared utilities. At the DB level, the forthcoming migration will ensure that we always have "normalized" job IDs as an array. * Count stopped ML Jobs as partial failure during ML Rule execution Since we continue to query anomalies and potentially generate alerts, a "failure" status is no longer the most accurate for this situation. * Update 7.13 alerts migration to allow multi-job ML Rules This ensures that we can assume string[] for this field during rule execution. * Display N job statuses on rule details * WIP: converts MLJobSelect to a multiselect Unfortunately, the SuperSelect does not allow multiselect so we need to convert this to a combobox. Luckily we can reuse most of the code here and remain relatively clean. Since all combobox options must be the same (fixed) height, we're somewhat more limited than before for displaying the rows. The truncation appears fine, but I need to figure out a way to display the full description as well. * Update client-side logic to handle an array of ML job_ids * Marginally more legible error message * Conditionally call our normalize helper only if we have a value This fixes a type error where TS could not infer that the return value would not be undefined despite knowing that the argument was never undefined. I tried some fancy conditional generic types, but that didn't work. This is more analogous to normalizeThresholdObject now, anyway. * Fix remaining type error * Clean up our ML executor tests with existing contract mocks * Update ML Executor tests with new logic We now record a partial failure instead of an error. * Add and update tests for new ML normalization logic * Add and update integration tests for ML Rules Ensures that dealing with legacy job formats continues to work in the API. * Fix a type error These params can no longer be strings. * Update ML cypress test to create a rule with 2 ML jobs If we can create a rule with 2 jobs, we should also be able to create a rule with 1 job. * Remove unused constant * Persist a partial failure message written by a rule executor We added the result.warning field as a way to indicate that a partial failure was written to the rule, but neglected to account for that in the main rule execution code, which caused a success status to immediately overwrite the partial failure if the rule execution did not otherwise fail/short-circuit. |
||
|---|---|---|
| .. | ||
| build_chromium | ||
| dev-tools | ||
| examples | ||
| plugins | ||
| scripts | ||
| tasks | ||
| test | ||
| .gitignore | ||
| .i18nrc.json | ||
| .telemetryrc.json | ||
| gulpfile.js | ||
| mocks.ts | ||
| package.json | ||
| README.md | ||
Elastic License Functionality
This directory tree contains files subject to the Elastic License 2.0. The files subject to the Elastic License 2.0 are grouped in this directory to clearly separate them from files dual-licensed under the Server Side Public License and the Elastic License 2.0.
Development
By default, Kibana will run with X-Pack installed as mentioned in the contributing guide.
Elasticsearch will run with a basic license. To run with a trial license, including security, you can specifying that with the yarn es command.
Example: yarn es snapshot --license trial --password changeme
By default, this will also set the password for native realm accounts to the password provided (changeme by default). This includes that of the kibana_system user which elasticsearch.username defaults to in development. If you wish to specify a password for a given native realm account, you can do that like so: --password.kibana_system=notsecure
Testing
For information on testing, see the Elastic functional test development guide.
Running functional tests
The functional UI tests, the API integration tests, and the SAML API integration tests are all run against a live browser, Kibana, and Elasticsearch install. Each set of tests is specified with a unique config that describes how to start the Elasticsearch server, the Kibana server, and what tests to run against them. The sets of tests that exist today are functional UI tests (specified by this config), API integration tests (specified by this config), and SAML API integration tests (specified by this config).
The script runs all sets of tests sequentially like so:
- builds Elasticsearch and X-Pack
- runs Elasticsearch with X-Pack
- starts up the Kibana server with X-Pack
- runs the functional UI tests against those servers
- tears down the servers
- repeats the same process for the API and SAML API integration test configs.
To do all of this in a single command run:
node scripts/functional_tests
Developing functional UI tests
If you are developing functional tests then you probably don't want to rebuild Elasticsearch and wait for all that setup on every test run, so instead use this command to build and start just the Elasticsearch and Kibana servers:
node scripts/functional_tests_server
After the servers are started, open a new terminal and run this command to run just the tests (without tearing down Elasticsearch or Kibana):
node scripts/functional_test_runner
For both of the above commands, it's crucial that you pass in --config to specify the same config file to both commands. This makes sure that the right tests will run against the right servers. Typically a set of tests and server configuration go together.
Read more about how the scripts work here.
For a deeper dive, read more about the way functional tests and servers work here.
Running API integration tests
API integration tests are run with a unique setup usually without UI assets built for the Kibana server.
API integration tests are intended to test only programmatic API exposed by Kibana. There is no need to run browser and simulate user actions, which significantly reduces execution time. In addition, the configuration for API integration tests typically sets optimize.enabled=false for Kibana because UI assets are usually not needed for these tests.
To run only the API integration tests:
node scripts/functional_tests --config test/api_integration/config
Running SAML API integration tests
We also have SAML API integration tests which set up Elasticsearch and Kibana with SAML support. Run only API integration tests with SAML enabled like so:
node scripts/functional_tests --config test/security_api_integration/saml.config
Running Jest integration tests
Jest integration tests can be used to test behavior with Elasticsearch and the Kibana server.
yarn test:jest_integration
Running Reporting functional tests
See here for more information on running reporting tests.
Running Security Solution Cypress E2E/integration tests
See here for information on running this test suite.