wip

elastic · Jun 3, 2021 · 60f6d4a · 60f6d4a
1 parent 98527ad
commit 60f6d4a
Show file tree

Hide file tree

Showing 5 changed files with 114 additions and 0 deletions.
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/index.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/index.ts
@@ -42,6 +42,7 @@ export default ({ loadTestFile }: FtrProviderContext): void => {
       loadTestFile(require.resolve('./create_signals_migrations'));
       loadTestFile(require.resolve('./finalize_signals_migrations'));
       loadTestFile(require.resolve('./delete_signals_migrations'));
+      loadTestFile(require.resolve('./timestamps'));
     });
 
     // That split here enable us on using a different ciGroup to run the tests

diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/timestamps.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/timestamps.ts
@@ -0,0 +1,70 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import expect from '@kbn/expect';
+import { CreateRulesSchema } from '../../../../plugins/security_solution/common/detection_engine/schemas/request';
+
+import {
+  DETECTION_ENGINE_RULES_URL,
+  DETECTION_ENGINE_RULES_STATUS_URL,
+} from '../../../../plugins/security_solution/common/constants';
+import { FtrProviderContext } from '../../common/ftr_provider_context';
+import {
+  createSignalsIndex,
+  deleteAllAlerts,
+  deleteSignalsIndex,
+  createRule,
+  getSimpleRule,
+  getSimpleRuleOutput,
+  getSimpleRuleOutputWithoutRuleId,
+  getSimpleRuleWithoutRuleId,
+  removeServerGeneratedProperties,
+  removeServerGeneratedPropertiesIncludingRuleId,
+  getSimpleMlRule,
+  getSimpleMlRuleOutput,
+  waitForRuleSuccessOrStatus,
+  waitForSignalsToBePresent,
+  waitForAlertToComplete,
+  getRuleForSignalTesting,
+  getSignalsByIds,
+  getRuleForSignalTestingWithTimestampOverride,
+} from '../../utils';
+import { ROLES } from '../../../../plugins/security_solution/common/test';
+import { createUserAndRole, deleteUserAndRole } from '../roles_users_utils';
+import { RuleStatusResponse } from '../../../../plugins/security_solution/server/lib/detection_engine/rules/types';
+
+// eslint-disable-next-line import/no-default-export
+export default ({ getService }: FtrProviderContext) => {
+  const supertest = getService('supertest');
+  const supertestWithoutAuth = getService('supertestWithoutAuth');
+  const esArchiver = getService('esArchiver');
+
+  describe('timestamps', () => {
+    describe('source index with timestamp in milliseconds', () => {
+      beforeEach(async () => {
+        await createSignalsIndex(supertest);
+        await esArchiver.load('security_solution/timestamp_in_seconds');
+      });
+
+      afterEach(async () => {
+        await deleteSignalsIndex(supertest);
+        await deleteAllAlerts(supertest);
+        await esArchiver.unload('security_solution/timestamp_in_seconds');
+      });
+
+      it('should convert a timestamp in epoch_seconds to the correct ISO format', async () => {
+        const rule = getRuleForSignalTesting(['timestamp_in_seconds']);
+        const { id } = await createRule(supertest, rule);
+        await waitForRuleSuccessOrStatus(supertest, id);
+        await waitForSignalsToBePresent(supertest, 1, [id]);
+        const signalsOpen = await getSignalsByIds(supertest, [id]);
+        const hits = signalsOpen.hits.hits.map((hit) => hit._source.signal.original_time).sort();
+        expect(hits).to.eql([]);
+      });
+    });
+  });
+};
diff --git a/x-pack/test/functional/es_archives/security_solution/README.md b/x-pack/test/functional/es_archives/security_solution/README.md
@@ -0,0 +1,11 @@
+Collection of data sets for use within various tests. Most of the tests to these live in either:
+
+```
+x-pack/test/detection_engine_api_integrations/security_and_spaces/tests
+```
+
+or
+
+```
+x-pack/test/api_integration/apis/security_solution
+```
diff --git a/x-pack/test/functional/es_archives/security_solution/timestamp_in_seconds/data.json b/x-pack/test/functional/es_archives/security_solution/timestamp_in_seconds/data.json
@@ -0,0 +1,10 @@
+{
+  "type": "doc",
+  "value": {
+    "index": "timestamp_in_seconds",
+    "source": {
+      "@timestamp": 1622676795
+    },
+    "type": "_doc"
+  }
+}
diff --git a/x-pack/test/functional/es_archives/security_solution/timestamp_in_seconds/mappings.json b/x-pack/test/functional/es_archives/security_solution/timestamp_in_seconds/mappings.json
@@ -0,0 +1,22 @@
+{
+  "type": "index",
+  "value": {
+    "index": "timestamp_in_seconds",
+    "mappings": {
+      "dynamic": "strict",
+      "properties": {
+        "@timestamp": {
+          "type": "date",
+          "format": "epoch_second"
+        }
+      }
+    },
+    "settings": {
+      "index": {
+        "refresh_interval": "1s",
+        "number_of_replicas": "1",
+        "number_of_shards": "1"
+      }
+    }
+  }
+}