elastic
diff --git a/‎packages/kbn-es/src/utils/native_realm.js‎
Lines changed: 4 additions & 0 deletions b/‎packages/kbn-es/src/utils/native_realm.js‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎x-pack/plugins/infra/public/pages/metrics/inventory_view/components/waffle/waffle_time_controls.tsx‎
Lines changed: 38 additions & 22 deletions b/‎x-pack/plugins/infra/public/pages/metrics/inventory_view/components/waffle/waffle_time_controls.tsx‎
Lines changed: 38 additions & 22 deletions
diff --git a/‎x-pack/scripts/functional_tests.js‎
Lines changed: 1 addition & 0 deletions b/‎x-pack/scripts/functional_tests.js‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎x-pack/test/detection_engine_api_integration/basic/config.ts‎
Lines changed: 14 additions & 0 deletions b/‎x-pack/test/detection_engine_api_integration/basic/config.ts‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎x-pack/test/detection_engine_api_integration/basic/tests/add_prepackaged_rules.ts‎
Lines changed: 92 additions & 0 deletions b/‎x-pack/test/detection_engine_api_integration/basic/tests/add_prepackaged_rules.ts‎
Lines changed: 92 additions & 0 deletions
diff --git a/‎x-pack/test/detection_engine_api_integration/basic/tests/create_rules.ts‎
Lines changed: 126 additions & 0 deletions b/‎x-pack/test/detection_engine_api_integration/basic/tests/create_rules.ts‎
Lines changed: 126 additions & 0 deletions
@@ -76,6 +76,10 @@ exports.NativeRealm = class NativeRealm {
     }
 
     const reservedUsers = await this.getReservedUsers();
+    if (!reservedUsers || reservedUsers.length < 1) {
+      throw new Error('no reserved users found, unable to set native realm passwords');
+    }
+
     await Promise.all(
       reservedUsers.map(async user => {
         await this.setPassword(user, options[`password.${user}`]);
 
@@ -4,13 +4,18 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
-import { EuiButtonEmpty, EuiDatePicker, EuiFormControlLayout } from '@elastic/eui';
+import { EuiButton, EuiDatePicker, EuiFlexGroup, EuiFlexItem } from '@elastic/eui';
 import { FormattedMessage } from '@kbn/i18n/react';
 import moment, { Moment } from 'moment';
 import React, { useCallback } from 'react';
+import { withTheme, EuiTheme } from '../../../../../../../observability/public';
 import { useWaffleTimeContext } from '../../hooks/use_waffle_time';
 
-export const WaffleTimeControls = () => {
+interface Props {
+  theme: EuiTheme;
+}
+
+export const WaffleTimeControls = withTheme(({ theme }: Props) => {
   const {
     currentTime,
     isAutoReloading,
@@ -22,19 +27,19 @@ export const WaffleTimeControls = () => {
   const currentMoment = moment(currentTime);
 
   const liveStreamingButton = isAutoReloading ? (
-    <EuiButtonEmpty color="primary" iconSide="left" iconType="pause" onClick={stopAutoReload}>
+    <EuiButton color="primary" iconSide="left" iconType="pause" onClick={stopAutoReload}>
       <FormattedMessage
         id="xpack.infra.waffleTime.stopRefreshingButtonLabel"
         defaultMessage="Stop refreshing"
       />
-    </EuiButtonEmpty>
+    </EuiButton>
   ) : (
-    <EuiButtonEmpty iconSide="left" iconType="play" onClick={startAutoReload}>
+    <EuiButton iconSide="left" iconType="play" onClick={startAutoReload}>
       <FormattedMessage
         id="xpack.infra.waffleTime.autoRefreshButtonLabel"
         defaultMessage="Auto-refresh"
       />
-    </EuiButtonEmpty>
+    </EuiButton>
   );
 
   const handleChangeDate = useCallback(
@@ -47,20 +52,31 @@ export const WaffleTimeControls = () => {
   );
 
   return (
-    <EuiFormControlLayout append={liveStreamingButton} data-test-subj="waffleDatePicker">
-      <EuiDatePicker
-        className="euiFieldText--inGroup"
-        dateFormat="L LTS"
-        disabled={isAutoReloading}
-        injectTimes={currentMoment ? [currentMoment] : []}
-        isLoading={isAutoReloading}
-        onChange={handleChangeDate}
-        popperPlacement="top-end"
-        selected={currentMoment}
-        shouldCloseOnSelect
-        showTimeSelect
-        timeFormat="LT"
-      />
-    </EuiFormControlLayout>
+    <EuiFlexGroup alignItems="center" gutterSize="none">
+      <EuiFlexItem
+        grow={false}
+        style={{
+          border: theme.eui.euiFormInputGroupBorder,
+          boxShadow: `0px 3px 2px ${theme.eui.euiTableActionsBorderColor}, 0px 1px 1px ${theme.eui.euiTableActionsBorderColor}`,
+          marginRight: theme.eui.paddingSizes.m,
+        }}
+        data-test-subj="waffleDatePicker"
+      >
+        <EuiDatePicker
+          className="euiFieldText--inGroup"
+          dateFormat="L LTS"
+          disabled={isAutoReloading}
+          injectTimes={currentMoment ? [currentMoment] : []}
+          isLoading={isAutoReloading}
+          onChange={handleChangeDate}
+          popperPlacement="top-end"
+          selected={currentMoment}
+          shouldCloseOnSelect
+          showTimeSelect
+          timeFormat="LT"
+        />
+      </EuiFlexItem>
+      <EuiFlexItem grow={false}>{liveStreamingButton}</EuiFlexItem>
+    </EuiFlexGroup>
   );
-};
+});
@@ -21,6 +21,7 @@ const onlyNotInCoverageTests = [
   require.resolve('../test/alerting_api_integration/spaces_only/config.ts'),
   require.resolve('../test/alerting_api_integration/security_and_spaces/config.ts'),
   require.resolve('../test/detection_engine_api_integration/security_and_spaces/config.ts'),
+  require.resolve('../test/detection_engine_api_integration/basic/config.ts'),
   require.resolve('../test/plugin_api_integration/config.ts'),
   require.resolve('../test/kerberos_api_integration/config.ts'),
   require.resolve('../test/kerberos_api_integration/anonymous_access.config.ts'),
 
@@ -0,0 +1,14 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { createTestConfig } from '../common/config';
+
+// eslint-disable-next-line import/no-default-export
+export default createTestConfig('basic', {
+  disabledPlugins: [],
+  license: 'basic',
+  ssl: true,
+});
@@ -0,0 +1,92 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import expect from '@kbn/expect';
+
+import { DETECTION_ENGINE_PREPACKAGED_URL } from '../../../../plugins/siem/common/constants';
+import { FtrProviderContext } from '../../common/ftr_provider_context';
+import { createSignalsIndex, deleteAllAlerts, deleteSignalsIndex } from '../../utils';
+
+// eslint-disable-next-line import/no-default-export
+export default ({ getService }: FtrProviderContext): void => {
+  const supertest = getService('supertest');
+  const es = getService('legacyEs');
+
+  describe('add_prepackaged_rules', () => {
+    describe('validation errors', () => {
+      it('should give an error that the index must exist first if it does not exist before adding prepackaged rules', async () => {
+        const { body } = await supertest
+          .put(DETECTION_ENGINE_PREPACKAGED_URL)
+          .set('kbn-xsrf', 'true')
+          .send()
+          .expect(400);
+
+        expect(body).to.eql({
+          message:
+            'Pre-packaged rules cannot be installed until the signals index is created: .siem-signals-default',
+          status_code: 400,
+        });
+      });
+    });
+
+    describe('creating prepackaged rules', () => {
+      beforeEach(async () => {
+        await createSignalsIndex(supertest);
+      });
+
+      afterEach(async () => {
+        await deleteSignalsIndex(supertest);
+        await deleteAllAlerts(es);
+      });
+
+      it('should contain two output keys of rules_installed and rules_updated', async () => {
+        const { body } = await supertest
+          .put(DETECTION_ENGINE_PREPACKAGED_URL)
+          .set('kbn-xsrf', 'true')
+          .send()
+          .expect(200);
+
+        expect(Object.keys(body)).to.eql(['rules_installed', 'rules_updated']);
+      });
+
+      it('should create the prepackaged rules and return a count greater than zero', async () => {
+        const { body } = await supertest
+          .put(DETECTION_ENGINE_PREPACKAGED_URL)
+          .set('kbn-xsrf', 'true')
+          .send()
+          .expect(200);
+
+        expect(body.rules_installed).to.be.greaterThan(0);
+      });
+
+      it('should create the prepackaged rules that the rules_updated is of size zero', async () => {
+        const { body } = await supertest
+          .put(DETECTION_ENGINE_PREPACKAGED_URL)
+          .set('kbn-xsrf', 'true')
+          .send()
+          .expect(200);
+
+        expect(body.rules_updated).to.eql(0);
+      });
+
+      it('should be possible to call the API twice and the second time the number of rules installed should be zero', async () => {
+        await supertest
+          .put(DETECTION_ENGINE_PREPACKAGED_URL)
+          .set('kbn-xsrf', 'true')
+          .send()
+          .expect(200);
+
+        const { body } = await supertest
+          .put(DETECTION_ENGINE_PREPACKAGED_URL)
+          .set('kbn-xsrf', 'true')
+          .send()
+          .expect(200);
+
+        expect(body.rules_installed).to.eql(0);
+      });
+    });
+  });
+};
@@ -0,0 +1,126 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import expect from '@kbn/expect';
+
+import { DETECTION_ENGINE_RULES_URL } from '../../../../plugins/siem/common/constants';
+import { FtrProviderContext } from '../../common/ftr_provider_context';
+import {
+  createSignalsIndex,
+  deleteAllAlerts,
+  deleteSignalsIndex,
+  getSimpleRule,
+  getSimpleRuleOutput,
+  getSimpleRuleOutputWithoutRuleId,
+  getSimpleRuleWithoutRuleId,
+  removeServerGeneratedProperties,
+  removeServerGeneratedPropertiesIncludingRuleId,
+  getSimpleMlRule,
+} from '../../utils';
+
+// eslint-disable-next-line import/no-default-export
+export default ({ getService }: FtrProviderContext) => {
+  const supertest = getService('supertest');
+  const es = getService('legacyEs');
+
+  describe('create_rules', () => {
+    describe('validation errors', () => {
+      it('should give an error that the index must exist first if it does not exist before creating a rule', async () => {
+        const { body } = await supertest
+          .post(DETECTION_ENGINE_RULES_URL)
+          .set('kbn-xsrf', 'true')
+          .send(getSimpleRule())
+          .expect(400);
+
+        expect(body).to.eql({
+          message:
+            'To create a rule, the index must exist first. Index .siem-signals-default does not exist',
+          status_code: 400,
+        });
+      });
+    });
+
+    describe('creating rules', () => {
+      beforeEach(async () => {
+        await createSignalsIndex(supertest);
+      });
+
+      afterEach(async () => {
+        await deleteSignalsIndex(supertest);
+        await deleteAllAlerts(es);
+      });
+
+      it('should create a single rule with a rule_id', async () => {
+        const { body } = await supertest
+          .post(DETECTION_ENGINE_RULES_URL)
+          .set('kbn-xsrf', 'true')
+          .send(getSimpleRule())
+          .expect(200);
+
+        const bodyToCompare = removeServerGeneratedProperties(body);
+        expect(bodyToCompare).to.eql(getSimpleRuleOutput());
+      });
+
+      it('should create a single rule without an input index', async () => {
+        const { index, ...payload } = getSimpleRule();
+        const { index: _index, ...expected } = getSimpleRuleOutput();
+
+        const { body } = await supertest
+          .post(DETECTION_ENGINE_RULES_URL)
+          .set('kbn-xsrf', 'true')
+          .send(payload)
+          .expect(200);
+
+        const bodyToCompare = removeServerGeneratedProperties(body);
+        expect(bodyToCompare).to.eql(expected);
+      });
+
+      it('should create a single rule without a rule_id', async () => {
+        const { body } = await supertest
+          .post(DETECTION_ENGINE_RULES_URL)
+          .set('kbn-xsrf', 'true')
+          .send(getSimpleRuleWithoutRuleId())
+          .expect(200);
+
+        const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body);
+        expect(bodyToCompare).to.eql(getSimpleRuleOutputWithoutRuleId());
+      });
+
+      it('should give a 403 when trying to create a single Machine Learning rule since the license is basic', async () => {
+        const { body } = await supertest
+          .post(DETECTION_ENGINE_RULES_URL)
+          .set('kbn-xsrf', 'true')
+          .send(getSimpleMlRule())
+          .expect(403);
+
+        const bodyToCompare = removeServerGeneratedProperties(body);
+        expect(bodyToCompare).to.eql({
+          message: 'Your license does not support machine learning. Please upgrade your license.',
+          status_code: 403,
+        });
+      });
+
+      it('should cause a 409 conflict if we attempt to create the same rule_id twice', async () => {
+        await supertest
+          .post(DETECTION_ENGINE_RULES_URL)
+          .set('kbn-xsrf', 'true')
+          .send(getSimpleRule())
+          .expect(200);
+
+        const { body } = await supertest
+          .post(DETECTION_ENGINE_RULES_URL)
+          .set('kbn-xsrf', 'true')
+          .send(getSimpleRule())
+          .expect(409);
+
+        expect(body).to.eql({
+          message: 'rule_id: "rule-1" already exists',
+          status_code: 409,
+        });
+      });
+    });
+  });
+};