From fa3dfb2ae44a3d993d4ab19a39d8c99536905ac3 Mon Sep 17 00:00:00 2001 From: Jatin Kathuria Date: Tue, 10 Dec 2024 10:38:43 +0100 Subject: [PATCH] [ Security Solution ] One discover security context functional tests (#199818) ## Summary Fixes https://github.com/elastic/security-team/issues/11112 Follow up to - https://github.com/elastic/kibana/pull/199279 Adds functional test for Security Profiles in One Discover. ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> --- .../ftr_security_serverless_configs.yml | 1 + .github/CODEOWNERS | 6 +- .../security/config.context_awareness.ts | 14 ++- .../config.examples.context_awareness.ts | 28 ++++++ .../test_suites/security/constants.ts | 8 ++ .../context_awareness/cell_renderer.ts | 86 +++++++++++++++++++ .../ftr/discover/context_awareness/index.ts | 40 +++++++++ 7 files changed, 172 insertions(+), 11 deletions(-) create mode 100644 x-pack/test_serverless/functional/test_suites/security/config.examples.context_awareness.ts create mode 100644 x-pack/test_serverless/functional/test_suites/security/constants.ts create mode 100644 x-pack/test_serverless/functional/test_suites/security/ftr/discover/context_awareness/cell_renderer.ts create mode 100644 x-pack/test_serverless/functional/test_suites/security/ftr/discover/context_awareness/index.ts diff --git a/.buildkite/ftr_security_serverless_configs.yml b/.buildkite/ftr_security_serverless_configs.yml index 74d82d40c8bce..5ea5647d1d908 100644 --- a/.buildkite/ftr_security_serverless_configs.yml +++ b/.buildkite/ftr_security_serverless_configs.yml 
@@ -37,6 +37,7 @@ enabled: - x-pack/test_serverless/functional/test_suites/security/config.cloud_security_posture.agentless.ts - x-pack/test_serverless/functional/test_suites/security/config.saved_objects_management.ts - x-pack/test_serverless/functional/test_suites/security/config.context_awareness.ts + - x-pack/test_serverless/functional/test_suites/security/config.examples.context_awareness.ts - x-pack/test_serverless/functional/test_suites/security/common_configs/config.group1.ts - x-pack/test_serverless/functional/test_suites/security/common_configs/config.group2.ts - x-pack/test_serverless/functional/test_suites/security/common_configs/config.group3.ts diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 032c8f17a98c6..bc782055dfc58 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1093,8 +1093,8 @@ x-pack/test_serverless/api_integration/test_suites/common/platform_security @ela /x-pack/test/api_integration/apis/kibana/kql_telemetry @elastic/kibana-data-discovery @elastic/kibana-visualizations /x-pack/test_serverless/functional/es_archives/pre_calculated_histogram @elastic/kibana-data-discovery /x-pack/test_serverless/functional/es_archives/kibana_sample_data_flights_index_pattern @elastic/kibana-data-discovery -/x-pack/test_serverless/functional/test_suites/security/config.examples.ts @elastic/kibana-data-discovery -/x-pack/test_serverless/functional/test_suites/security/config.context_awareness.ts @elastic/kibana-data-discovery +/x-pack/test_serverless/functional/test_suites/security/config.examples.ts @elastic/kibana-data-discovery +/x-pack/test_serverless/functional/test_suites/security/config.examples.context_awareness.ts @elastic/kibana-data-discovery /test/accessibility/apps/discover.ts @elastic/kibana-data-discovery /test/api_integration/apis/data_views @elastic/kibana-data-discovery /test/api_integration/apis/data_view_field_editor @elastic/kibana-data-discovery 
@@ -2112,6 +2112,7 @@ x-pack/test/api_integration/apis/management/index_management/inference_endpoints x-pack/test_serverless/functional/test_suites/security/config.mki_only.ts @elastic/security-solution @elastic/appex-qa x-pack/test_serverless/functional/test_suites/security/index.mki_only.ts @elastic/security-solution @elastic/appex-qa @elastic/kibana-cloud-security-posture /x-pack/test_serverless/functional/test_suites/security/config.feature_flags.ts @elastic/security-solution @elastic/kibana-cloud-security-posture +/x-pack/test_serverless/functional/test_suites/security/constants.ts @elastic/security-solution /x-pack/test_serverless/api_integration/test_suites/observability/config.feature_flags.ts @elastic/security-solution /x-pack/test_serverless/functional/test_suites/common/spaces/multiple_spaces_enabled.ts @elastic/security-solution /x-pack/test/functional/es_archives/endpoint/ @elastic/security-solution @@ -2245,6 +2246,7 @@ x-pack/test/security_solution_cypress/cypress/tasks/expandable_flyout @elastic/ /x-pack/plugins/security_solution/public/app/home/template_wrapper/timeline @elastic/security-threat-hunting-investigations /x-pack/plugins/security_solution/server/lib/timeline @elastic/security-threat-hunting-investigations +/x-pack/test_serverless/functional/test_suites/security/config.context_awareness.ts @elastic/security-threat-hunting-investigations ## Security Solution Threat Hunting areas - Threat Hunting Explore /x-pack/plugins/security_solution/common/api/tags @elastic/security-threat-hunting-explore diff --git a/x-pack/test_serverless/functional/test_suites/security/config.context_awareness.ts b/x-pack/test_serverless/functional/test_suites/security/config.context_awareness.ts index 984ce1c904d80..ab15b8d6beeb9 100644 --- a/x-pack/test_serverless/functional/test_suites/security/config.context_awareness.ts +++ b/x-pack/test_serverless/functional/test_suites/security/config.context_awareness.ts 
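Review bot: The new `security/ftr/discover/context_awareness/` test directory is not given an owner in any of the CODEOWNERS hunks shown here; only `constants.ts` and `config.context_awareness.ts` are assigned. Unless a broader pattern outside these hunks already covers it, later changes to the security-profile tests would not request review from the team that now owns the config. Consider adding `/x-pack/test_serverless/functional/test_suites/security/ftr/discover/context_awareness @elastic/security-threat-hunting-investigations` next to the `config.context_awareness.ts` entry in the `@@ -2245,6 +2246,7 @@` hunk.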
@@ -9,19 +9,15 @@ import { createTestConfig } from '../../config.base'; export default createTestConfig({ serverlessProject: 'security', - testFiles: [require.resolve('../common/discover/context_awareness')], + testFiles: [require.resolve('./ftr/discover/context_awareness')], junit: { - reportName: 'Serverless Security Discover Context Awareness Functional Tests', + reportName: + 'Serverless Security Discover Context Awareness Functional Tests - Security Profiles', }, kbnServerArgs: [ - `--discover.experimental.enabledProfiles=${JSON.stringify([ - 'example-root-profile', - 'example-solution-view-root-profile', - 'example-data-source-profile', - 'example-document-profile', - ])}`, + `--discover.experimental.enabledProfiles=${JSON.stringify(['security-root-profile'])}`, ], // include settings from project controller - // https://github.com/elastic/project-controller/blob/main/internal/project/observability/config/elasticsearch.yml + // https://github.com/elastic/elasticsearch-controller/blob/main/helm/values.yaml esServerArgs: ['xpack.ml.dfa.enabled=false'], }); diff --git a/x-pack/test_serverless/functional/test_suites/security/config.examples.context_awareness.ts b/x-pack/test_serverless/functional/test_suites/security/config.examples.context_awareness.ts new file mode 100644 index 0000000000000..d4476d9a59726 --- /dev/null +++ b/x-pack/test_serverless/functional/test_suites/security/config.examples.context_awareness.ts 
@@ -0,0 +1,28 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { createTestConfig } from '../../config.base';
+
+export default createTestConfig({
+ serverlessProject: 'security',
+ testFiles: [require.resolve('../common/discover/context_awareness')],
+ junit: {
+ reportName:
+ 'Serverless Security Discover Context Awareness Functional Tests - Example Profiles',
+ },
+ kbnServerArgs: [
+ `--discover.experimental.enabledProfiles=${JSON.stringify([
+ 'example-root-profile',
+ 'example-solution-view-root-profile',
+ 'example-data-source-profile',
+ 'example-document-profile',
+ ])}`,
+ ],
+ // include settings from project controller
+ // https://github.com/elastic/project-controller/blob/main/internal/project/observability/config/elasticsearch.yml
+ esServerArgs: ['xpack.ml.dfa.enabled=false'],
+});
diff --git a/x-pack/test_serverless/functional/test_suites/security/constants.ts b/x-pack/test_serverless/functional/test_suites/security/constants.ts
new file mode 100644
index 0000000000000..53aea092cf8f6
--- /dev/null
+++ b/x-pack/test_serverless/functional/test_suites/security/constants.ts
@@ -0,0 +1,8 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export const SECURITY_ES_ARCHIVES_DIR = 'x-pack/test/security_solution_cypress/es_archives';
diff --git a/x-pack/test_serverless/functional/test_suites/security/ftr/discover/context_awareness/cell_renderer.ts b/x-pack/test_serverless/functional/test_suites/security/ftr/discover/context_awareness/cell_renderer.ts
new file mode 100644
index 0000000000000..19d0020f73cba
--- /dev/null
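Review bot: The comment above `esServerArgs` in the new `config.examples.context_awareness.ts` still links to `internal/project/observability/config/elasticsearch.yml`, although this config sets `serverlessProject: 'security'`. The same comment in the sibling `config.context_awareness.ts` is repointed by this commit, so the observability path here looks carried over from the copied file. Point it at the settings source that applies to the security project, or reword it to something like `// mirrors the Elasticsearch settings applied by the serverless project controller`, so readers are not sent to another project's config.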
+++ b/x-pack/test_serverless/functional/test_suites/security/ftr/discover/context_awareness/cell_renderer.ts 
@@ -0,0 +1,86 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import kbnRison from '@kbn/rison';
+import expect from '@kbn/expect';
+import path from 'path';
+import { FtrProviderContext } from '../../../../../ftr_provider_context';
+import { SECURITY_ES_ARCHIVES_DIR } from '../../../constants';
+
+export default function ({ getService, getPageObjects }: FtrProviderContext) {
+ const PageObjects = getPageObjects(['common', 'timePicker', 'discover', 'svlCommonPage']);
+ const testSubjects = getService('testSubjects');
+ const dataViews = getService('dataViews');
+ const esArchiver = getService('esArchiver');
+ const queryBar = getService('queryBar');
+
+ describe('security root profile', () => {
+ before(async () => {
+ await PageObjects.svlCommonPage.loginAsViewer();
+ await esArchiver.loadIfNeeded(path.join(SECURITY_ES_ARCHIVES_DIR, 'auditbeat_single'));
+ });
+
+ after(async () => {
+ await esArchiver.unload(path.join(SECURITY_ES_ARCHIVES_DIR, 'auditbeat_single'));
+ });
+
+ describe('cell renderers', () => {
+ describe('host.name', () => {
+ describe('DataView mode', () => {
+ it('should open host.name flyout', async () => {
+ await PageObjects.common.navigateToActualUrl('discover', undefined, {
+ ensureCurrentUrl: false,
+ });
+ await dataViews.createFromSearchBar({
+ name: 'auditbeat-2022',
+ adHoc: true,
+ hasTimeField: true,
+ });
+ await queryBar.setQuery('host.name: "siem-kibana"');
+ await queryBar.clickQuerySubmitButton();
+ await PageObjects.discover.waitUntilSearchingHasFinished();
+ await PageObjects.discover.dragFieldToTable('host.name');
+ expect((await PageObjects.discover.getColumnHeaders()).join(', ')).to.be(
+ '@timestamp, host.name'
+ );
+ // security host.name button
+ const hostName = await testSubjects.findAll('host-details-button', 2500);
+ expect(hostName).to.have.length(1);
+ await hostName[0].click();
+ await testSubjects.existOrFail('host-panel-header', { timeout: 2500 });
+ await testSubjects.existOrFail('asset-criticality-selector', { timeout: 2500 });
+ await testSubjects.existOrFail('observedEntity-accordion', { timeout: 2500 });
+ });
+ });
+
+ describe('ES|QL mode', () => {
+ it('should open host.name flyout', async () => {
+ const state = kbnRison.encode({
+ dataSource: { type: 'esql' },
+
+ query: { esql: 'from auditbeat-2022 | WHERE host.name == "siem-kibana"' },
+ });
+
+ await PageObjects.common.navigateToActualUrl('discover', `?_a=${state}`, {
+ ensureCurrentUrl: false,
+ });
+ await PageObjects.discover.waitUntilSearchingHasFinished();
+ await PageObjects.discover.dragFieldToTable('host.name');
+ expect((await PageObjects.discover.getColumnHeaders()).join(', ')).to.be('host.name');
+ // security host.name button
+ const hostName = await testSubjects.findAll('host-details-button', 2500);
+ expect(hostName).to.have.length(1);
+ await hostName[0].click();
+ await testSubjects.existOrFail('host-panel-header', { timeout: 2500 });
+ await testSubjects.existOrFail('asset-criticality-selector', { timeout: 2500 });
+ await testSubjects.existOrFail('observedEntity-accordion', { timeout: 2500 });
+ });
+ });
+ });
+ });
+ });
+}
diff --git a/x-pack/test_serverless/functional/test_suites/security/ftr/discover/context_awareness/index.ts b/x-pack/test_serverless/functional/test_suites/security/ftr/discover/context_awareness/index.ts
new file mode 100644
index 0000000000000..93f6dff57b582
--- /dev/null
+++ b/x-pack/test_serverless/functional/test_suites/security/ftr/discover/context_awareness/index.ts
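Review bot: In `cell_renderer.ts` the `before` hook calls `esArchiver.loadIfNeeded(...)` but `after` unconditionally calls `esArchiver.unload(...)` on the same `auditbeat_single` archive, so if another suite in the run had already loaded it, this teardown removes data that suite may still expect. Using `esArchiver.load` in `before` keeps setup and teardown symmetric, and the path can be built once with `const archive = path.join(SECURITY_ES_ARCHIVES_DIR, 'auditbeat_single');`. Separately, the six lines from `// security host.name button` through the last `existOrFail` are identical in the DataView and ES|QL tests. A local helper with the `2500` timeout as a named constant would keep the two cases from drifting apart.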
@@ -0,0 +1,40 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrProviderContext } from '../../../../../ftr_provider_context';
+
+export default function ({ getService, getPageObjects, loadTestFile }: FtrProviderContext) {
+ const esArchiver = getService('esArchiver');
+ const kibanaServer = getService('kibanaServer');
+ const PageObjects = getPageObjects(['timePicker', 'svlCommonPage']);
+ const from = '2017-06-10T14:00:00.000Z';
+ const to = '2024-06-10T16:30:00.000Z';
+
+ describe('discover/security/context_awareness', function () {
+ this.tags(['esGate']);
+
+ before(async () => {
+ await esArchiver.load('test/functional/fixtures/es_archiver/discover/context_awareness');
+ await kibanaServer.importExport.load(
+ 'test/functional/fixtures/kbn_archiver/discover/context_awareness'
+ );
+ await kibanaServer.uiSettings.update({
+ 'timepicker:timeDefaults': `{ "from": "${from}", "to": "${to}"}`,
+ });
+ });
+
+ after(async () => {
+ await esArchiver.unload('test/functional/fixtures/es_archiver/discover/context_awareness');
+ await kibanaServer.importExport.unload(
+ 'test/functional/fixtures/kbn_archiver/discover/context_awareness'
+ );
+ await PageObjects.timePicker.resetDefaultAbsoluteRangeViaUiSettings();
+ });
+
+ loadTestFile(require.resolve('./cell_renderer'));
+ });
+}
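Review bot: The `before` hook in `index.ts` loads the `discover/context_awareness` es and kbn archives, yet the only test file it loads, `./cell_renderer`, queries `auditbeat-2022` from its own `auditbeat_single` archive as far as this diff shows. If nothing in the security suite reads those fixtures, dropping the load/unload pairs would shorten setup. If they are required, a one-line comment saying what depends on them would help. The `'timepicker:timeDefaults'` value is assembled by hand in a template string, and `'timepicker:timeDefaults': JSON.stringify({ from, to }),` yields equivalent JSON without hand-written quoting. `getPageObjects(['timePicker', 'svlCommonPage'])` also requests `svlCommonPage`, which this file never uses.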