[Security Solution] Allow prebuilt rules import and export #212509
Conversation
nikitaindik
added
release_note:skip
nikitaindik
force-pushed
the
allow-import-export-prebuilt-rules
branch
from
8df69e5 to
d3e1af5
Compare
nikitaindik
force-pushed
the
allow-import-export-prebuilt-rules
branch
from
d3e1af5 to
08b9f1b
Compare
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
|
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management) |
Flaky Test Runner Stats🎉 All tests passed! - kibana-flaky-test-suite-runner#7987[✅] x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/ess_feature_flag_disabled.config.ts: 50/50 tests passed. |
Flaky Test Runner Stats🎉 All tests passed! - kibana-flaky-test-suite-runner#7986[✅] x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts: 50/50 tests passed. |
Flaky Test Runner Stats🟠 Some tests failed. - kibana-flaky-test-suite-runner#7985[✅] x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/serverless_feature_flag_disabled.config.ts: 50/50 tests passed. |
Flaky Test Runner Stats🟠 Some tests failed. - kibana-flaky-test-suite-runner#7984[✅] x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts: 50/50 tests passed. |
There was a problem hiding this comment.
Retested locally, and all previously tested scenarios are now working as expected 👍
Leaving a minor comment regarding test scripts - looks like they’re pointing to the wrong test files after refactoring. I also don’t see much value in maintaining these test scripts. There are a lot of them, making navigation difficult. Using the FTR server and runner directly seems much more practical. So, I’d suggest removing the added test scripts from package.json altogether.
Flaky Test Runner Stats🎉 All tests passed! - kibana-flaky-test-suite-runner#7988[✅] x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/serverless_feature_flag_disabled.config.ts: 50/50 tests passed. |
Flaky Test Runner Stats🎉 All tests passed! - kibana-flaky-test-suite-runner#7989[✅] x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_disabled/configs/serverless_essentials_tier.config.ts: 50/50 tests passed. |
|
Starting backport for target branches: 8.18, 8.x, 9.0 https://github.com/elastic/kibana/actions/runs/13702844293 |
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]Async chunks
History
cc @nikitaindik |
…12509) **Resolves: elastic/security-team#11502 (internal) This PR implements following changes and adds API integration tests for them: - [x] Users with any license can export prebuilt rules (with enabled feature flag) - [x] Users with Basic/Essentials license can import prebuilt rules only if they are non-customized and the feature flag is enabled - [x] Users with Enterprise/Complete license can import prebuilt rules without restrictions Flaky test runner (had to create 4 separate runs to test all configs): - [1](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7987) - [2](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7986) - [3](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7988) - [4](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7989) (cherry picked from commit ebe90e5)
…12509) **Resolves: elastic/security-team#11502 (internal) This PR implements following changes and adds API integration tests for them: - [x] Users with any license can export prebuilt rules (with enabled feature flag) - [x] Users with Basic/Essentials license can import prebuilt rules only if they are non-customized and the feature flag is enabled - [x] Users with Enterprise/Complete license can import prebuilt rules without restrictions Flaky test runner (had to create 4 separate runs to test all configs): - [1](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7987) - [2](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7986) - [3](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7988) - [4](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7989) (cherry picked from commit ebe90e5)
…12509) **Resolves: elastic/security-team#11502 (internal) This PR implements following changes and adds API integration tests for them: - [x] Users with any license can export prebuilt rules (with enabled feature flag) - [x] Users with Basic/Essentials license can import prebuilt rules only if they are non-customized and the feature flag is enabled - [x] Users with Enterprise/Complete license can import prebuilt rules without restrictions Flaky test runner (had to create 4 separate runs to test all configs): - [1](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7987) - [2](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7986) - [3](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7988) - [4](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7989) (cherry picked from commit ebe90e5)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
…12509) (#213419) # Backport This will backport the following commits from `main` to `8.18`: - [[Security Solution] Allow prebuilt rules import and export (#212509)](#212509) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Nikita Indik","email":"[email protected]"},"sourceCommit":{"committedDate":"2025-03-06T15:58:33Z","message":"[Security Solution] Allow prebuilt rules import and export (#212509)\n\n**Resolves: https://github.com/elastic/security-team/issues/11502**\n(internal)\n\nThis PR implements following changes and adds API integration tests for\nthem:\n- [x] Users with any license can export prebuilt rules (with enabled\nfeature flag)\n- [x] Users with Basic/Essentials license can import prebuilt rules only\nif they are non-customized and the feature flag is enabled\n- [x] Users with Enterprise/Complete license can import prebuilt rules\nwithout restrictions\n\nFlaky test runner (had to create 4 separate runs to test all configs):\n-\n[1](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7987)\n-\n[2](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7986)\n-\n[3](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7988)\n-\n[4](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7989)","sha":"ebe90e5c80e1dbe34d96ccd8a1e8e34d032affa4","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","Feature:Rule Import/Export","backport:version","v8.18.0","v9.1.0","v8.19.0"],"title":"[Security Solution] Allow prebuilt rules import and export","number":212509,"url":"https://github.com/elastic/kibana/pull/212509","mergeCommit":{"message":"[Security Solution] Allow prebuilt rules import and export (#212509)\n\n**Resolves: https://github.com/elastic/security-team/issues/11502**\n(internal)\n\nThis PR implements following changes and adds API integration tests for\nthem:\n- [x] Users with any license can export prebuilt rules (with enabled\nfeature flag)\n- [x] Users with Basic/Essentials license can import prebuilt rules only\nif they are non-customized and the feature flag is enabled\n- [x] Users with Enterprise/Complete license can import prebuilt rules\nwithout restrictions\n\nFlaky test runner (had to create 4 separate runs to test all configs):\n-\n[1](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7987)\n-\n[2](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7986)\n-\n[3](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7988)\n-\n[4](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7989)","sha":"ebe90e5c80e1dbe34d96ccd8a1e8e34d032affa4"}},"sourceBranch":"main","suggestedTargetBranches":["9.0","8.18","8.x"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/212509","number":212509,"mergeCommit":{"message":"[Security Solution] Allow prebuilt rules import and export (#212509)\n\n**Resolves: https://github.com/elastic/security-team/issues/11502**\n(internal)\n\nThis PR implements following changes and adds API integration tests for\nthem:\n- [x] Users with any license can export prebuilt rules (with enabled\nfeature flag)\n- [x] Users with Basic/Essentials license can import prebuilt rules only\nif they are non-customized and the feature flag is enabled\n- [x] Users with Enterprise/Complete license can import prebuilt rules\nwithout restrictions\n\nFlaky test runner (had to create 4 separate runs to test all configs):\n-\n[1](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7987)\n-\n[2](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7986)\n-\n[3](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7988)\n-\n[4](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7989)","sha":"ebe90e5c80e1dbe34d96ccd8a1e8e34d032affa4"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Nikita Indik <[email protected]>
…2509) (#213420) # Backport This will backport the following commits from `main` to `8.x`: - [[Security Solution] Allow prebuilt rules import and export (#212509)](#212509) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Nikita Indik","email":"[email protected]"},"sourceCommit":{"committedDate":"2025-03-06T15:58:33Z","message":"[Security Solution] Allow prebuilt rules import and export (#212509)\n\n**Resolves: https://github.com/elastic/security-team/issues/11502**\n(internal)\n\nThis PR implements following changes and adds API integration tests for\nthem:\n- [x] Users with any license can export prebuilt rules (with enabled\nfeature flag)\n- [x] Users with Basic/Essentials license can import prebuilt rules only\nif they are non-customized and the feature flag is enabled\n- [x] Users with Enterprise/Complete license can import prebuilt rules\nwithout restrictions\n\nFlaky test runner (had to create 4 separate runs to test all configs):\n-\n[1](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7987)\n-\n[2](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7986)\n-\n[3](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7988)\n-\n[4](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7989)","sha":"ebe90e5c80e1dbe34d96ccd8a1e8e34d032affa4","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","Feature:Rule Import/Export","backport:version","v8.18.0","v9.1.0","v8.19.0"],"title":"[Security Solution] Allow prebuilt rules import and export","number":212509,"url":"https://github.com/elastic/kibana/pull/212509","mergeCommit":{"message":"[Security Solution] Allow prebuilt rules import and export (#212509)\n\n**Resolves: https://github.com/elastic/security-team/issues/11502**\n(internal)\n\nThis PR implements following changes and adds API integration tests for\nthem:\n- [x] Users with any license can export prebuilt rules (with enabled\nfeature flag)\n- [x] Users with Basic/Essentials license can import prebuilt rules only\nif they are non-customized and the feature flag is enabled\n- [x] Users with Enterprise/Complete license can import prebuilt rules\nwithout restrictions\n\nFlaky test runner (had to create 4 separate runs to test all configs):\n-\n[1](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7987)\n-\n[2](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7986)\n-\n[3](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7988)\n-\n[4](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7989)","sha":"ebe90e5c80e1dbe34d96ccd8a1e8e34d032affa4"}},"sourceBranch":"main","suggestedTargetBranches":["9.0","8.18","8.x"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/212509","number":212509,"mergeCommit":{"message":"[Security Solution] Allow prebuilt rules import and export (#212509)\n\n**Resolves: https://github.com/elastic/security-team/issues/11502**\n(internal)\n\nThis PR implements following changes and adds API integration tests for\nthem:\n- [x] Users with any license can export prebuilt rules (with enabled\nfeature flag)\n- [x] Users with Basic/Essentials license can import prebuilt rules only\nif they are non-customized and the feature flag is enabled\n- [x] Users with Enterprise/Complete license can import prebuilt rules\nwithout restrictions\n\nFlaky test runner (had to create 4 separate runs to test all configs):\n-\n[1](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7987)\n-\n[2](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7986)\n-\n[3](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7988)\n-\n[4](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7989)","sha":"ebe90e5c80e1dbe34d96ccd8a1e8e34d032affa4"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Nikita Indik <[email protected]>
…2509) (#213421) # Backport This will backport the following commits from `main` to `9.0`: - [[Security Solution] Allow prebuilt rules import and export (#212509)](#212509) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Nikita Indik","email":"[email protected]"},"sourceCommit":{"committedDate":"2025-03-06T15:58:33Z","message":"[Security Solution] Allow prebuilt rules import and export (#212509)\n\n**Resolves: https://github.com/elastic/security-team/issues/11502**\n(internal)\n\nThis PR implements following changes and adds API integration tests for\nthem:\n- [x] Users with any license can export prebuilt rules (with enabled\nfeature flag)\n- [x] Users with Basic/Essentials license can import prebuilt rules only\nif they are non-customized and the feature flag is enabled\n- [x] Users with Enterprise/Complete license can import prebuilt rules\nwithout restrictions\n\nFlaky test runner (had to create 4 separate runs to test all configs):\n-\n[1](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7987)\n-\n[2](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7986)\n-\n[3](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7988)\n-\n[4](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7989)","sha":"ebe90e5c80e1dbe34d96ccd8a1e8e34d032affa4","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","Feature:Rule Import/Export","backport:version","v8.18.0","v9.1.0","v8.19.0"],"title":"[Security Solution] Allow prebuilt rules import and export","number":212509,"url":"https://github.com/elastic/kibana/pull/212509","mergeCommit":{"message":"[Security Solution] Allow prebuilt rules import and export (#212509)\n\n**Resolves: https://github.com/elastic/security-team/issues/11502**\n(internal)\n\nThis PR implements following changes and adds API integration tests for\nthem:\n- [x] Users with any license can export prebuilt rules (with enabled\nfeature flag)\n- [x] Users with Basic/Essentials license can import prebuilt rules only\nif they are non-customized and the feature flag is enabled\n- [x] Users with Enterprise/Complete license can import prebuilt rules\nwithout restrictions\n\nFlaky test runner (had to create 4 separate runs to test all configs):\n-\n[1](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7987)\n-\n[2](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7986)\n-\n[3](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7988)\n-\n[4](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7989)","sha":"ebe90e5c80e1dbe34d96ccd8a1e8e34d032affa4"}},"sourceBranch":"main","suggestedTargetBranches":["9.0","8.18","8.x"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/212509","number":212509,"mergeCommit":{"message":"[Security Solution] Allow prebuilt rules import and export (#212509)\n\n**Resolves: https://github.com/elastic/security-team/issues/11502**\n(internal)\n\nThis PR implements following changes and adds API integration tests for\nthem:\n- [x] Users with any license can export prebuilt rules (with enabled\nfeature flag)\n- [x] Users with Basic/Essentials license can import prebuilt rules only\nif they are non-customized and the feature flag is enabled\n- [x] Users with Enterprise/Complete license can import prebuilt rules\nwithout restrictions\n\nFlaky test runner (had to create 4 separate runs to test all configs):\n-\n[1](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7987)\n-\n[2](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7986)\n-\n[3](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7988)\n-\n[4](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7989)","sha":"ebe90e5c80e1dbe34d96ccd8a1e8e34d032affa4"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Nikita Indik <[email protected]>
Resolves: https://github.com/elastic/security-team/issues/11502 (internal)
This PR implements following changes and adds API integration tests for them:
Flaky test runner (had to create 4 separate runs to test all configs):