From 904a73d00a7927ea27718494a755607db40e7d70 Mon Sep 17 00:00:00 2001 From: Maxim Palenov Date: Mon, 3 Feb 2025 17:30:46 +0100 Subject: [PATCH] temporally disable saved query integration tests --- .../diffable_rule_fields/index.ts | 4 +- .../kql_query.saved_query.ts | 1428 +++++++++-------- 2 files changed, 717 insertions(+), 715 deletions(-) diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/index.ts index 243f130ee937e..4f59515409904 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/index.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/index.ts @@ -32,7 +32,7 @@ import { investigationFieldsField } from './investigation_fields'; import { dataSourceField } from './data_source'; import { alertSuppressionField } from './alert_suppression'; import { inlineQueryKqlQueryField } from './kql_query.inline_query'; -import { savedQueryKqlQueryField } from './kql_query.saved_query'; +// import { savedQueryKqlQueryField } from './kql_query.saved_query'; import { eqlQueryField } from './eql_query'; import { esqlQueryField } from './esql_query'; import { threatIndexField } from './threat_index'; @@ -85,7 +85,7 @@ export default (context: FtrProviderContext): void => { inlineQueryKqlQueryField(context); // Saved Query rule types - savedQueryKqlQueryField(context); + // savedQueryKqlQueryField(context); // EQL rule type eqlQueryField(context); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/kql_query.saved_query.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/kql_query.saved_query.ts index ba04dac707ebe..4cb38ace95ac5 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/kql_query.saved_query.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/kql_query.saved_query.ts @@ -5,716 +5,718 @@ * 2.0. */ -import expect from 'expect'; -import { - KqlQueryType, - ModeEnum, - ThreeWayDiffConflict, - ThreeWayDiffOutcome, - ThreeWayMergeOutcome, -} from '@kbn/security-solution-plugin/common/api/detection_engine'; -import { FtrProviderContext } from '../../../../../../../ftr_provider_context'; -import { performUpgradePrebuiltRules, reviewPrebuiltRulesToUpgrade } from '../../../../../utils'; -import { - DEFAULT_TEST_RULE_ID, - setUpRuleUpgrade, -} from '../../../../../utils/rules/prebuilt_rules/set_up_rule_upgrade'; - -export function savedQueryKqlQueryField({ getService }: FtrProviderContext): void { - const es = getService('es'); - const supertest = getService('supertest'); - const log = getService('log'); - const securitySolutionApi = getService('securitySolutionApi'); - - const deps = { - es, - supertest, - log, - }; - - describe('"kql_query" with saved query', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { - beforeEach(async () => { - await setUpRuleUpgrade({ - assets: { - installed: { - type: 'saved_query', - saved_id: 'saved_query_id1', - }, - patch: {}, - upgrade: { - type: 'saved_query', - saved_id: 'saved_query_id1', - }, - }, - deps, - }); - }); - - it('does NOT return upgrade review', async () => { - const response = await reviewPrebuiltRulesToUpgrade(supertest); - - expect(response.stats).toMatchObject({ - num_rules_to_upgrade_total: 1, - num_rules_with_conflicts: 0, - num_rules_with_non_solvable_conflicts: 0, - }); - expect(response.rules[0].diff).toMatchObject({ - num_fields_with_updates: 1, - num_fields_with_conflicts: 0, - num_fields_with_non_solvable_conflicts: 0, - }); - expect(response.rules[0].diff.fields).not.toMatchObject({ - kql_query: expect.anything(), - }); - }); - - it('upgrades to RESOLVED value', async () => { - const response = await performUpgradePrebuiltRules(es, supertest, { - mode: ModeEnum.SPECIFIC_RULES, - rules: [ - { - rule_id: DEFAULT_TEST_RULE_ID, - revision: 0, - version: 2, - fields: { - kql_query: { - pick_version: 'RESOLVED', - resolved_value: { - type: KqlQueryType.saved_query, - saved_query_id: 'resolved', - }, - }, - }, - }, - ], - }); - - const upgradedRule = await securitySolutionApi.readRule({ - query: { rule_id: DEFAULT_TEST_RULE_ID }, - }); - - expect(response.results.updated[0]).toMatchObject({ - saved_id: 'resolved', - }); - expect(upgradedRule.body).toMatchObject({ - saved_id: 'resolved', - }); - }); - }); - - describe('non-customized w/ an upgrade (AAB diff case)', () => { - beforeEach(async () => { - await setUpRuleUpgrade({ - assets: { - installed: { - type: 'saved_query', - saved_id: 'saved_query_id1', - }, - patch: {}, - upgrade: { - type: 'saved_query', - saved_id: 'saved_query_id2', - }, - }, - deps, - }); - }); - - it('returns upgrade review', async () => { - const response = await reviewPrebuiltRulesToUpgrade(supertest); - - expect(response.stats).toMatchObject({ - num_rules_to_upgrade_total: 1, - num_rules_with_conflicts: 0, - num_rules_with_non_solvable_conflicts: 0, - }); - expect(response.rules[0].diff).toMatchObject({ - num_fields_with_updates: 2, - num_fields_with_conflicts: 0, - num_fields_with_non_solvable_conflicts: 0, - }); - expect(response.rules[0].diff.fields).toMatchObject({ - kql_query: { - base_version: { - saved_query_id: 'saved_query_id1', - }, - current_version: { - saved_query_id: 'saved_query_id1', - }, - target_version: { - saved_query_id: 'saved_query_id2', - }, - merged_version: { - saved_query_id: 'saved_query_id2', - }, - diff_outcome: ThreeWayDiffOutcome.StockValueCanUpdate, - merge_outcome: ThreeWayMergeOutcome.Target, - conflict: ThreeWayDiffConflict.NONE, - has_update: true, - has_base_version: true, - }, - }); - }); - - it('upgrades to MERGED value', async () => { - const response = await performUpgradePrebuiltRules(es, supertest, { - mode: ModeEnum.SPECIFIC_RULES, - rules: [ - { - rule_id: DEFAULT_TEST_RULE_ID, - revision: 0, - version: 2, - fields: { - kql_query: { - pick_version: 'MERGED', - }, - }, - }, - ], - }); - - const upgradedRule = await securitySolutionApi.readRule({ - query: { rule_id: DEFAULT_TEST_RULE_ID }, - }); - - expect(response.results.updated[0]).toMatchObject({ - saved_id: 'saved_query_id2', - }); - expect(upgradedRule.body).toMatchObject({ - saved_id: 'saved_query_id2', - }); - }); - - it('upgrades to RESOLVED value', async () => { - const response = await performUpgradePrebuiltRules(es, supertest, { - mode: ModeEnum.SPECIFIC_RULES, - rules: [ - { - rule_id: DEFAULT_TEST_RULE_ID, - revision: 0, - version: 2, - fields: { - kql_query: { - pick_version: 'RESOLVED', - resolved_value: { - type: KqlQueryType.saved_query, - saved_query_id: 'resolved', - }, - }, - }, - }, - ], - }); - - const upgradedRule = await securitySolutionApi.readRule({ - query: { rule_id: DEFAULT_TEST_RULE_ID }, - }); - - expect(response.results.updated[0]).toMatchObject({ - saved_id: 'resolved', - }); - expect(upgradedRule.body).toMatchObject({ - saved_id: 'resolved', - }); - }); - }); - - describe('customized w/o an upgrade (ABA diff case)', () => { - beforeEach(async () => { - await setUpRuleUpgrade({ - assets: { - installed: { - type: 'saved_query', - saved_id: 'saved_query_id1', - }, - patch: { - type: 'saved_query', - saved_id: 'saved_query_id2', - }, - upgrade: { - type: 'saved_query', - saved_id: 'saved_query_id1', - }, - }, - deps, - }); - }); - - it('returns upgrade preview', async () => { - const response = await reviewPrebuiltRulesToUpgrade(supertest); - - expect(response.stats).toMatchObject({ - num_rules_to_upgrade_total: 1, - num_rules_with_conflicts: 0, - num_rules_with_non_solvable_conflicts: 0, - }); - expect(response.rules[0].diff).toMatchObject({ - num_fields_with_updates: 1, - num_fields_with_conflicts: 0, - num_fields_with_non_solvable_conflicts: 0, - }); - expect(response.rules[0].diff.fields).toMatchObject({ - kql_query: { - base_version: { - saved_query_id: 'saved_query_id1', - }, - current_version: { - saved_query_id: 'saved_query_id2', - }, - target_version: { - saved_query_id: 'saved_query_id1', - }, - merged_version: { - saved_query_id: 'saved_query_id2', - }, - diff_outcome: ThreeWayDiffOutcome.CustomizedValueNoUpdate, - merge_outcome: ThreeWayMergeOutcome.Current, - conflict: ThreeWayDiffConflict.NONE, - has_update: false, - has_base_version: true, - }, - }); - }); - - it('upgrades to MERGED value', async () => { - const response = await performUpgradePrebuiltRules(es, supertest, { - mode: ModeEnum.SPECIFIC_RULES, - rules: [ - { - rule_id: DEFAULT_TEST_RULE_ID, - revision: 1, - version: 2, - fields: { - kql_query: { - pick_version: 'MERGED', - }, - }, - }, - ], - }); - - const upgradedRule = await securitySolutionApi.readRule({ - query: { rule_id: DEFAULT_TEST_RULE_ID }, - }); - - expect(response.results.updated[0]).toMatchObject({ - saved_id: 'saved_query_id2', - }); - expect(upgradedRule.body).toMatchObject({ - saved_id: 'saved_query_id2', - }); - }); - - it('upgrades to RESOLVED value', async () => { - const response = await performUpgradePrebuiltRules(es, supertest, { - mode: ModeEnum.SPECIFIC_RULES, - rules: [ - { - rule_id: DEFAULT_TEST_RULE_ID, - revision: 1, - version: 2, - fields: { - kql_query: { - pick_version: 'RESOLVED', - resolved_value: { - type: KqlQueryType.saved_query, - saved_query_id: 'resolved', - }, - }, - }, - }, - ], - }); - - const upgradedRule = await securitySolutionApi.readRule({ - query: { rule_id: DEFAULT_TEST_RULE_ID }, - }); - - expect(response.results.updated[0]).toMatchObject({ - saved_id: 'resolved', - }); - expect(upgradedRule.body).toMatchObject({ - saved_id: 'resolved', - }); - }); - }); - - describe('customized w/ the matching upgrade (ABB diff case)', () => { - beforeEach(async () => { - await setUpRuleUpgrade({ - assets: { - installed: { - type: 'saved_query', - saved_id: 'saved_query_id1', - }, - patch: { - type: 'saved_query', - saved_id: 'saved_query_id2', - }, - upgrade: { - type: 'saved_query', - saved_id: 'saved_query_id2', - }, - }, - deps, - }); - }); - - it('returns upgrade preview', async () => { - const response = await reviewPrebuiltRulesToUpgrade(supertest); - - expect(response.stats).toMatchObject({ - num_rules_to_upgrade_total: 1, - num_rules_with_conflicts: 0, - num_rules_with_non_solvable_conflicts: 0, - }); - expect(response.rules[0].diff).toMatchObject({ - num_fields_with_updates: 1, - num_fields_with_conflicts: 0, - num_fields_with_non_solvable_conflicts: 0, - }); - expect(response.rules[0].diff.fields).toMatchObject({ - kql_query: { - base_version: { - saved_query_id: 'saved_query_id1', - }, - current_version: { - saved_query_id: 'saved_query_id2', - }, - target_version: { - saved_query_id: 'saved_query_id2', - }, - merged_version: { - saved_query_id: 'saved_query_id2', - }, - diff_outcome: ThreeWayDiffOutcome.CustomizedValueSameUpdate, - merge_outcome: ThreeWayMergeOutcome.Current, - conflict: ThreeWayDiffConflict.NONE, - has_update: false, - has_base_version: true, - }, - }); - }); - - it('upgrades to MERGED value', async () => { - const response = await performUpgradePrebuiltRules(es, supertest, { - mode: ModeEnum.SPECIFIC_RULES, - rules: [ - { - rule_id: DEFAULT_TEST_RULE_ID, - revision: 1, - version: 2, - fields: { - kql_query: { - pick_version: 'MERGED', - }, - }, - }, - ], - }); - - const upgradedRule = await securitySolutionApi.readRule({ - query: { rule_id: DEFAULT_TEST_RULE_ID }, - }); - - expect(response.results.updated[0]).toMatchObject({ - saved_id: 'saved_query_id2', - }); - expect(upgradedRule.body).toMatchObject({ - saved_id: 'saved_query_id2', - }); - }); - - it('upgrades to RESOLVED value', async () => { - const response = await performUpgradePrebuiltRules(es, supertest, { - mode: ModeEnum.SPECIFIC_RULES, - rules: [ - { - rule_id: DEFAULT_TEST_RULE_ID, - revision: 1, - version: 2, - fields: { - kql_query: { - pick_version: 'RESOLVED', - resolved_value: { - type: KqlQueryType.saved_query, - saved_query_id: 'resolved', - }, - }, - }, - }, - ], - }); - - const upgradedRule = await securitySolutionApi.readRule({ - query: { rule_id: DEFAULT_TEST_RULE_ID }, - }); - - expect(response.results.updated[0]).toMatchObject({ - saved_id: 'resolved', - }); - expect(upgradedRule.body).toMatchObject({ - saved_id: 'resolved', - }); - }); - }); - - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { - beforeEach(async () => { - await setUpRuleUpgrade({ - assets: { - installed: { - type: 'saved_query', - saved_id: 'saved_query_id1', - }, - patch: { - type: 'saved_query', - saved_id: 'saved_query_id2', - }, - upgrade: { - type: 'saved_query', - saved_id: 'saved_query_id3', - }, - }, - deps, - }); - }); - - it('returns upgrade preview', async () => { - const response = await reviewPrebuiltRulesToUpgrade(supertest); - - expect(response.stats).toMatchObject({ - num_rules_to_upgrade_total: 1, - num_rules_with_conflicts: 1, - num_rules_with_non_solvable_conflicts: 1, - }); - expect(response.rules[0].diff).toMatchObject({ - num_fields_with_updates: 2, - num_fields_with_conflicts: 1, - num_fields_with_non_solvable_conflicts: 1, - }); - expect(response.rules[0].diff.fields).toMatchObject({ - kql_query: { - base_version: { - saved_query_id: 'saved_query_id1', - }, - current_version: { - saved_query_id: 'saved_query_id2', - }, - target_version: { - saved_query_id: 'saved_query_id3', - }, - merged_version: { - saved_query_id: 'saved_query_id2', - }, - diff_outcome: ThreeWayDiffOutcome.CustomizedValueCanUpdate, - merge_outcome: ThreeWayMergeOutcome.Current, - conflict: ThreeWayDiffConflict.NON_SOLVABLE, - has_update: true, - has_base_version: true, - }, - }); - }); - - it('upgrades to RESOLVED value', async () => { - const response = await performUpgradePrebuiltRules(es, supertest, { - mode: ModeEnum.SPECIFIC_RULES, - rules: [ - { - rule_id: DEFAULT_TEST_RULE_ID, - revision: 1, - version: 2, - fields: { - kql_query: { - pick_version: 'RESOLVED', - resolved_value: { - type: KqlQueryType.saved_query, - saved_query_id: 'resolved', - }, - }, - }, - }, - ], - }); - - const upgradedRule = await securitySolutionApi.readRule({ - query: { rule_id: DEFAULT_TEST_RULE_ID }, - }); - - expect(response.results.updated[0]).toMatchObject({ - saved_id: 'resolved', - }); - expect(upgradedRule.body).toMatchObject({ - saved_id: 'resolved', - }); - }); - }); - - describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { - beforeEach(async () => { - await setUpRuleUpgrade({ - assets: { - installed: { - type: 'saved_query', - saved_id: 'saved_query_id1', - }, - patch: { - type: 'saved_query', - saved_id: 'saved_query_id2', - }, - upgrade: { - type: 'saved_query', - saved_id: 'saved_query_id2', - }, - }, - removeInstalledAssets: true, - deps, - }); - }); - - it('does NOT return upgrade review', async () => { - const response = await reviewPrebuiltRulesToUpgrade(supertest); - - expect(response.stats).toMatchObject({ - num_rules_to_upgrade_total: 1, - num_rules_with_conflicts: 0, - num_rules_with_non_solvable_conflicts: 0, - }); - expect(response.rules[0].diff).toMatchObject({ - num_fields_with_updates: 1, - num_fields_with_conflicts: 0, - num_fields_with_non_solvable_conflicts: 0, - }); - expect(response.rules[0].diff.fields).not.toMatchObject({ - kql_query: expect.anything(), - }); - }); - - it('upgrades to RESOLVED value', async () => { - const response = await performUpgradePrebuiltRules(es, supertest, { - mode: ModeEnum.SPECIFIC_RULES, - rules: [ - { - rule_id: DEFAULT_TEST_RULE_ID, - revision: 1, - version: 2, - fields: { - kql_query: { - pick_version: 'RESOLVED', - resolved_value: { - type: KqlQueryType.saved_query, - saved_query_id: 'resolved', - }, - }, - }, - }, - ], - }); - - const upgradedRule = await securitySolutionApi.readRule({ - query: { rule_id: DEFAULT_TEST_RULE_ID }, - }); - - expect(response.results.updated[0]).toMatchObject({ - saved_id: 'resolved', - }); - expect(upgradedRule.body).toMatchObject({ - saved_id: 'resolved', - }); - }); - }); - - describe('customized w/ an upgrade (-AB diff case)', () => { - beforeEach(async () => { - await setUpRuleUpgrade({ - assets: { - installed: { - type: 'saved_query', - saved_id: 'saved_query_id1', - }, - patch: { - type: 'saved_query', - saved_id: 'saved_query_id2', - }, - upgrade: { - type: 'saved_query', - saved_id: 'saved_query_id3', - }, - }, - removeInstalledAssets: true, - deps, - }); - }); - - it('returns upgrade preview', async () => { - const response = await reviewPrebuiltRulesToUpgrade(supertest); - - expect(response.rules).toHaveLength(1); - expect(response.stats).toMatchObject({ - num_rules_to_upgrade_total: 1, - num_rules_with_conflicts: 1, - num_rules_with_non_solvable_conflicts: 0, - }); - expect(response.rules[0].diff).toMatchObject({ - num_fields_with_updates: 2, - num_fields_with_conflicts: 1, - num_fields_with_non_solvable_conflicts: 0, - }); - expect(response.rules[0].diff.fields).toMatchObject({ - kql_query: { - current_version: { - saved_query_id: 'saved_query_id2', - }, - target_version: { - saved_query_id: 'saved_query_id3', - }, - merged_version: { - saved_query_id: 'saved_query_id3', - }, - diff_outcome: ThreeWayDiffOutcome.MissingBaseCanUpdate, - merge_outcome: ThreeWayMergeOutcome.Target, - conflict: ThreeWayDiffConflict.SOLVABLE, - has_update: true, - has_base_version: false, - }, - }); - }); - - it('upgrades to RESOLVED value', async () => { - const response = await performUpgradePrebuiltRules(es, supertest, { - mode: ModeEnum.SPECIFIC_RULES, - rules: [ - { - rule_id: DEFAULT_TEST_RULE_ID, - revision: 1, - version: 2, - fields: { - kql_query: { - pick_version: 'RESOLVED', - resolved_value: { - type: KqlQueryType.saved_query, - saved_query_id: 'resolved', - }, - }, - }, - }, - ], - }); - - const upgradedRule = await securitySolutionApi.readRule({ - query: { rule_id: DEFAULT_TEST_RULE_ID }, - }); - - expect(response.results.updated[0]).toMatchObject({ - saved_id: 'resolved', - }); - expect(upgradedRule.body).toMatchObject({ - saved_id: 'resolved', - }); - }); - }); - }); - }); -} +// Temporally comment contents until https://github.com/elastic/kibana/issues/209343 is fixed + +// import expect from 'expect'; +// import { +// KqlQueryType, +// ModeEnum, +// ThreeWayDiffConflict, +// ThreeWayDiffOutcome, +// ThreeWayMergeOutcome, +// } from '@kbn/security-solution-plugin/common/api/detection_engine'; +// import { FtrProviderContext } from '../../../../../../../ftr_provider_context'; +// import { performUpgradePrebuiltRules, reviewPrebuiltRulesToUpgrade } from '../../../../../utils'; +// import { +// DEFAULT_TEST_RULE_ID, +// setUpRuleUpgrade, +// } from '../../../../../utils/rules/prebuilt_rules/set_up_rule_upgrade'; + +// export function savedQueryKqlQueryField({ getService }: FtrProviderContext): void { +// const es = getService('es'); +// const supertest = getService('supertest'); +// const log = getService('log'); +// const securitySolutionApi = getService('securitySolutionApi'); + +// const deps = { +// es, +// supertest, +// log, +// }; + +// describe('"kql_query" with saved query', () => { +// describe('non-customized w/o an upgrade (AAA diff case)', () => { +// beforeEach(async () => { +// await setUpRuleUpgrade({ +// assets: { +// installed: { +// type: 'saved_query', +// saved_id: 'saved_query_id1', +// }, +// patch: {}, +// upgrade: { +// type: 'saved_query', +// saved_id: 'saved_query_id1', +// }, +// }, +// deps, +// }); +// }); + +// it('does NOT return upgrade review', async () => { +// const response = await reviewPrebuiltRulesToUpgrade(supertest); + +// expect(response.stats).toMatchObject({ +// num_rules_to_upgrade_total: 1, +// num_rules_with_conflicts: 0, +// num_rules_with_non_solvable_conflicts: 0, +// }); +// expect(response.rules[0].diff).toMatchObject({ +// num_fields_with_updates: 1, +// num_fields_with_conflicts: 0, +// num_fields_with_non_solvable_conflicts: 0, +// }); +// expect(response.rules[0].diff.fields).not.toMatchObject({ +// kql_query: expect.anything(), +// }); +// }); + +// it('upgrades to RESOLVED value', async () => { +// const response = await performUpgradePrebuiltRules(es, supertest, { +// mode: ModeEnum.SPECIFIC_RULES, +// rules: [ +// { +// rule_id: DEFAULT_TEST_RULE_ID, +// revision: 0, +// version: 2, +// fields: { +// kql_query: { +// pick_version: 'RESOLVED', +// resolved_value: { +// type: KqlQueryType.saved_query, +// saved_query_id: 'resolved', +// }, +// }, +// }, +// }, +// ], +// }); + +// const upgradedRule = await securitySolutionApi.readRule({ +// query: { rule_id: DEFAULT_TEST_RULE_ID }, +// }); + +// expect(response.results.updated[0]).toMatchObject({ +// saved_id: 'resolved', +// }); +// expect(upgradedRule.body).toMatchObject({ +// saved_id: 'resolved', +// }); +// }); +// }); + +// describe('non-customized w/ an upgrade (AAB diff case)', () => { +// beforeEach(async () => { +// await setUpRuleUpgrade({ +// assets: { +// installed: { +// type: 'saved_query', +// saved_id: 'saved_query_id1', +// }, +// patch: {}, +// upgrade: { +// type: 'saved_query', +// saved_id: 'saved_query_id2', +// }, +// }, +// deps, +// }); +// }); + +// it('returns upgrade review', async () => { +// const response = await reviewPrebuiltRulesToUpgrade(supertest); + +// expect(response.stats).toMatchObject({ +// num_rules_to_upgrade_total: 1, +// num_rules_with_conflicts: 0, +// num_rules_with_non_solvable_conflicts: 0, +// }); +// expect(response.rules[0].diff).toMatchObject({ +// num_fields_with_updates: 2, +// num_fields_with_conflicts: 0, +// num_fields_with_non_solvable_conflicts: 0, +// }); +// expect(response.rules[0].diff.fields).toMatchObject({ +// kql_query: { +// base_version: { +// saved_query_id: 'saved_query_id1', +// }, +// current_version: { +// saved_query_id: 'saved_query_id1', +// }, +// target_version: { +// saved_query_id: 'saved_query_id2', +// }, +// merged_version: { +// saved_query_id: 'saved_query_id2', +// }, +// diff_outcome: ThreeWayDiffOutcome.StockValueCanUpdate, +// merge_outcome: ThreeWayMergeOutcome.Target, +// conflict: ThreeWayDiffConflict.NONE, +// has_update: true, +// has_base_version: true, +// }, +// }); +// }); + +// it('upgrades to MERGED value', async () => { +// const response = await performUpgradePrebuiltRules(es, supertest, { +// mode: ModeEnum.SPECIFIC_RULES, +// rules: [ +// { +// rule_id: DEFAULT_TEST_RULE_ID, +// revision: 0, +// version: 2, +// fields: { +// kql_query: { +// pick_version: 'MERGED', +// }, +// }, +// }, +// ], +// }); + +// const upgradedRule = await securitySolutionApi.readRule({ +// query: { rule_id: DEFAULT_TEST_RULE_ID }, +// }); + +// expect(response.results.updated[0]).toMatchObject({ +// saved_id: 'saved_query_id2', +// }); +// expect(upgradedRule.body).toMatchObject({ +// saved_id: 'saved_query_id2', +// }); +// }); + +// it('upgrades to RESOLVED value', async () => { +// const response = await performUpgradePrebuiltRules(es, supertest, { +// mode: ModeEnum.SPECIFIC_RULES, +// rules: [ +// { +// rule_id: DEFAULT_TEST_RULE_ID, +// revision: 0, +// version: 2, +// fields: { +// kql_query: { +// pick_version: 'RESOLVED', +// resolved_value: { +// type: KqlQueryType.saved_query, +// saved_query_id: 'resolved', +// }, +// }, +// }, +// }, +// ], +// }); + +// const upgradedRule = await securitySolutionApi.readRule({ +// query: { rule_id: DEFAULT_TEST_RULE_ID }, +// }); + +// expect(response.results.updated[0]).toMatchObject({ +// saved_id: 'resolved', +// }); +// expect(upgradedRule.body).toMatchObject({ +// saved_id: 'resolved', +// }); +// }); +// }); + +// describe('customized w/o an upgrade (ABA diff case)', () => { +// beforeEach(async () => { +// await setUpRuleUpgrade({ +// assets: { +// installed: { +// type: 'saved_query', +// saved_id: 'saved_query_id1', +// }, +// patch: { +// type: 'saved_query', +// saved_id: 'saved_query_id2', +// }, +// upgrade: { +// type: 'saved_query', +// saved_id: 'saved_query_id1', +// }, +// }, +// deps, +// }); +// }); + +// it('returns upgrade preview', async () => { +// const response = await reviewPrebuiltRulesToUpgrade(supertest); + +// expect(response.stats).toMatchObject({ +// num_rules_to_upgrade_total: 1, +// num_rules_with_conflicts: 0, +// num_rules_with_non_solvable_conflicts: 0, +// }); +// expect(response.rules[0].diff).toMatchObject({ +// num_fields_with_updates: 1, +// num_fields_with_conflicts: 0, +// num_fields_with_non_solvable_conflicts: 0, +// }); +// expect(response.rules[0].diff.fields).toMatchObject({ +// kql_query: { +// base_version: { +// saved_query_id: 'saved_query_id1', +// }, +// current_version: { +// saved_query_id: 'saved_query_id2', +// }, +// target_version: { +// saved_query_id: 'saved_query_id1', +// }, +// merged_version: { +// saved_query_id: 'saved_query_id2', +// }, +// diff_outcome: ThreeWayDiffOutcome.CustomizedValueNoUpdate, +// merge_outcome: ThreeWayMergeOutcome.Current, +// conflict: ThreeWayDiffConflict.NONE, +// has_update: false, +// has_base_version: true, +// }, +// }); +// }); + +// it('upgrades to MERGED value', async () => { +// const response = await performUpgradePrebuiltRules(es, supertest, { +// mode: ModeEnum.SPECIFIC_RULES, +// rules: [ +// { +// rule_id: DEFAULT_TEST_RULE_ID, +// revision: 1, +// version: 2, +// fields: { +// kql_query: { +// pick_version: 'MERGED', +// }, +// }, +// }, +// ], +// }); + +// const upgradedRule = await securitySolutionApi.readRule({ +// query: { rule_id: DEFAULT_TEST_RULE_ID }, +// }); + +// expect(response.results.updated[0]).toMatchObject({ +// saved_id: 'saved_query_id2', +// }); +// expect(upgradedRule.body).toMatchObject({ +// saved_id: 'saved_query_id2', +// }); +// }); + +// it('upgrades to RESOLVED value', async () => { +// const response = await performUpgradePrebuiltRules(es, supertest, { +// mode: ModeEnum.SPECIFIC_RULES, +// rules: [ +// { +// rule_id: DEFAULT_TEST_RULE_ID, +// revision: 1, +// version: 2, +// fields: { +// kql_query: { +// pick_version: 'RESOLVED', +// resolved_value: { +// type: KqlQueryType.saved_query, +// saved_query_id: 'resolved', +// }, +// }, +// }, +// }, +// ], +// }); + +// const upgradedRule = await securitySolutionApi.readRule({ +// query: { rule_id: DEFAULT_TEST_RULE_ID }, +// }); + +// expect(response.results.updated[0]).toMatchObject({ +// saved_id: 'resolved', +// }); +// expect(upgradedRule.body).toMatchObject({ +// saved_id: 'resolved', +// }); +// }); +// }); + +// describe('customized w/ the matching upgrade (ABB diff case)', () => { +// beforeEach(async () => { +// await setUpRuleUpgrade({ +// assets: { +// installed: { +// type: 'saved_query', +// saved_id: 'saved_query_id1', +// }, +// patch: { +// type: 'saved_query', +// saved_id: 'saved_query_id2', +// }, +// upgrade: { +// type: 'saved_query', +// saved_id: 'saved_query_id2', +// }, +// }, +// deps, +// }); +// }); + +// it('returns upgrade preview', async () => { +// const response = await reviewPrebuiltRulesToUpgrade(supertest); + +// expect(response.stats).toMatchObject({ +// num_rules_to_upgrade_total: 1, +// num_rules_with_conflicts: 0, +// num_rules_with_non_solvable_conflicts: 0, +// }); +// expect(response.rules[0].diff).toMatchObject({ +// num_fields_with_updates: 1, +// num_fields_with_conflicts: 0, +// num_fields_with_non_solvable_conflicts: 0, +// }); +// expect(response.rules[0].diff.fields).toMatchObject({ +// kql_query: { +// base_version: { +// saved_query_id: 'saved_query_id1', +// }, +// current_version: { +// saved_query_id: 'saved_query_id2', +// }, +// target_version: { +// saved_query_id: 'saved_query_id2', +// }, +// merged_version: { +// saved_query_id: 'saved_query_id2', +// }, +// diff_outcome: ThreeWayDiffOutcome.CustomizedValueSameUpdate, +// merge_outcome: ThreeWayMergeOutcome.Current, +// conflict: ThreeWayDiffConflict.NONE, +// has_update: false, +// has_base_version: true, +// }, +// }); +// }); + +// it('upgrades to MERGED value', async () => { +// const response = await performUpgradePrebuiltRules(es, supertest, { +// mode: ModeEnum.SPECIFIC_RULES, +// rules: [ +// { +// rule_id: DEFAULT_TEST_RULE_ID, +// revision: 1, +// version: 2, +// fields: { +// kql_query: { +// pick_version: 'MERGED', +// }, +// }, +// }, +// ], +// }); + +// const upgradedRule = await securitySolutionApi.readRule({ +// query: { rule_id: DEFAULT_TEST_RULE_ID }, +// }); + +// expect(response.results.updated[0]).toMatchObject({ +// saved_id: 'saved_query_id2', +// }); +// expect(upgradedRule.body).toMatchObject({ +// saved_id: 'saved_query_id2', +// }); +// }); + +// it('upgrades to RESOLVED value', async () => { +// const response = await performUpgradePrebuiltRules(es, supertest, { +// mode: ModeEnum.SPECIFIC_RULES, +// rules: [ +// { +// rule_id: DEFAULT_TEST_RULE_ID, +// revision: 1, +// version: 2, +// fields: { +// kql_query: { +// pick_version: 'RESOLVED', +// resolved_value: { +// type: KqlQueryType.saved_query, +// saved_query_id: 'resolved', +// }, +// }, +// }, +// }, +// ], +// }); + +// const upgradedRule = await securitySolutionApi.readRule({ +// query: { rule_id: DEFAULT_TEST_RULE_ID }, +// }); + +// expect(response.results.updated[0]).toMatchObject({ +// saved_id: 'resolved', +// }); +// expect(upgradedRule.body).toMatchObject({ +// saved_id: 'resolved', +// }); +// }); +// }); + +// describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { +// beforeEach(async () => { +// await setUpRuleUpgrade({ +// assets: { +// installed: { +// type: 'saved_query', +// saved_id: 'saved_query_id1', +// }, +// patch: { +// type: 'saved_query', +// saved_id: 'saved_query_id2', +// }, +// upgrade: { +// type: 'saved_query', +// saved_id: 'saved_query_id3', +// }, +// }, +// deps, +// }); +// }); + +// it('returns upgrade preview', async () => { +// const response = await reviewPrebuiltRulesToUpgrade(supertest); + +// expect(response.stats).toMatchObject({ +// num_rules_to_upgrade_total: 1, +// num_rules_with_conflicts: 1, +// num_rules_with_non_solvable_conflicts: 1, +// }); +// expect(response.rules[0].diff).toMatchObject({ +// num_fields_with_updates: 2, +// num_fields_with_conflicts: 1, +// num_fields_with_non_solvable_conflicts: 1, +// }); +// expect(response.rules[0].diff.fields).toMatchObject({ +// kql_query: { +// base_version: { +// saved_query_id: 'saved_query_id1', +// }, +// current_version: { +// saved_query_id: 'saved_query_id2', +// }, +// target_version: { +// saved_query_id: 'saved_query_id3', +// }, +// merged_version: { +// saved_query_id: 'saved_query_id2', +// }, +// diff_outcome: ThreeWayDiffOutcome.CustomizedValueCanUpdate, +// merge_outcome: ThreeWayMergeOutcome.Current, +// conflict: ThreeWayDiffConflict.NON_SOLVABLE, +// has_update: true, +// has_base_version: true, +// }, +// }); +// }); + +// it('upgrades to RESOLVED value', async () => { +// const response = await performUpgradePrebuiltRules(es, supertest, { +// mode: ModeEnum.SPECIFIC_RULES, +// rules: [ +// { +// rule_id: DEFAULT_TEST_RULE_ID, +// revision: 1, +// version: 2, +// fields: { +// kql_query: { +// pick_version: 'RESOLVED', +// resolved_value: { +// type: KqlQueryType.saved_query, +// saved_query_id: 'resolved', +// }, +// }, +// }, +// }, +// ], +// }); + +// const upgradedRule = await securitySolutionApi.readRule({ +// query: { rule_id: DEFAULT_TEST_RULE_ID }, +// }); + +// expect(response.results.updated[0]).toMatchObject({ +// saved_id: 'resolved', +// }); +// expect(upgradedRule.body).toMatchObject({ +// saved_id: 'resolved', +// }); +// }); +// }); + +// describe('without historical versions', () => { +// describe('customized w/ the matching upgrade (-AA diff case)', () => { +// beforeEach(async () => { +// await setUpRuleUpgrade({ +// assets: { +// installed: { +// type: 'saved_query', +// saved_id: 'saved_query_id1', +// }, +// patch: { +// type: 'saved_query', +// saved_id: 'saved_query_id2', +// }, +// upgrade: { +// type: 'saved_query', +// saved_id: 'saved_query_id2', +// }, +// }, +// removeInstalledAssets: true, +// deps, +// }); +// }); + +// it('does NOT return upgrade review', async () => { +// const response = await reviewPrebuiltRulesToUpgrade(supertest); + +// expect(response.stats).toMatchObject({ +// num_rules_to_upgrade_total: 1, +// num_rules_with_conflicts: 0, +// num_rules_with_non_solvable_conflicts: 0, +// }); +// expect(response.rules[0].diff).toMatchObject({ +// num_fields_with_updates: 1, +// num_fields_with_conflicts: 0, +// num_fields_with_non_solvable_conflicts: 0, +// }); +// expect(response.rules[0].diff.fields).not.toMatchObject({ +// kql_query: expect.anything(), +// }); +// }); + +// it('upgrades to RESOLVED value', async () => { +// const response = await performUpgradePrebuiltRules(es, supertest, { +// mode: ModeEnum.SPECIFIC_RULES, +// rules: [ +// { +// rule_id: DEFAULT_TEST_RULE_ID, +// revision: 1, +// version: 2, +// fields: { +// kql_query: { +// pick_version: 'RESOLVED', +// resolved_value: { +// type: KqlQueryType.saved_query, +// saved_query_id: 'resolved', +// }, +// }, +// }, +// }, +// ], +// }); + +// const upgradedRule = await securitySolutionApi.readRule({ +// query: { rule_id: DEFAULT_TEST_RULE_ID }, +// }); + +// expect(response.results.updated[0]).toMatchObject({ +// saved_id: 'resolved', +// }); +// expect(upgradedRule.body).toMatchObject({ +// saved_id: 'resolved', +// }); +// }); +// }); + +// describe('customized w/ an upgrade (-AB diff case)', () => { +// beforeEach(async () => { +// await setUpRuleUpgrade({ +// assets: { +// installed: { +// type: 'saved_query', +// saved_id: 'saved_query_id1', +// }, +// patch: { +// type: 'saved_query', +// saved_id: 'saved_query_id2', +// }, +// upgrade: { +// type: 'saved_query', +// saved_id: 'saved_query_id3', +// }, +// }, +// removeInstalledAssets: true, +// deps, +// }); +// }); + +// it('returns upgrade preview', async () => { +// const response = await reviewPrebuiltRulesToUpgrade(supertest); + +// expect(response.rules).toHaveLength(1); +// expect(response.stats).toMatchObject({ +// num_rules_to_upgrade_total: 1, +// num_rules_with_conflicts: 1, +// num_rules_with_non_solvable_conflicts: 0, +// }); +// expect(response.rules[0].diff).toMatchObject({ +// num_fields_with_updates: 2, +// num_fields_with_conflicts: 1, +// num_fields_with_non_solvable_conflicts: 0, +// }); +// expect(response.rules[0].diff.fields).toMatchObject({ +// kql_query: { +// current_version: { +// saved_query_id: 'saved_query_id2', +// }, +// target_version: { +// saved_query_id: 'saved_query_id3', +// }, +// merged_version: { +// saved_query_id: 'saved_query_id3', +// }, +// diff_outcome: ThreeWayDiffOutcome.MissingBaseCanUpdate, +// merge_outcome: ThreeWayMergeOutcome.Target, +// conflict: ThreeWayDiffConflict.SOLVABLE, +// has_update: true, +// has_base_version: false, +// }, +// }); +// }); + +// it('upgrades to RESOLVED value', async () => { +// const response = await performUpgradePrebuiltRules(es, supertest, { +// mode: ModeEnum.SPECIFIC_RULES, +// rules: [ +// { +// rule_id: DEFAULT_TEST_RULE_ID, +// revision: 1, +// version: 2, +// fields: { +// kql_query: { +// pick_version: 'RESOLVED', +// resolved_value: { +// type: KqlQueryType.saved_query, +// saved_query_id: 'resolved', +// }, +// }, +// }, +// }, +// ], +// }); + +// const upgradedRule = await securitySolutionApi.readRule({ +// query: { rule_id: DEFAULT_TEST_RULE_ID }, +// }); + +// expect(response.results.updated[0]).toMatchObject({ +// saved_id: 'resolved', +// }); +// expect(upgradedRule.body).toMatchObject({ +// saved_id: 'resolved', +// }); +// }); +// }); +// }); +// }); +// }