[Cloud Security] Cloud Asset Discovery onboarding E2E tests (AWS/GCP/Azure)

[seanrathier]

Summary

This PR adds end-to-end (E2E) tests for the Cloud Asset Discovery onboarding flow across AWS, Azure, and GCP. It also extends test utilities and updates Serverless Security configurations to support agentless integration.

Key changes:

• Introduces new E2E test suites for AWS and GCP onboarding:

  • asset_inventory_onboarding_aws.cy.ts
  • asset_inventory_onboarding_gcp.cy.ts
  • asset_inventory_onboarding_azure.cy.ts

• Adds new test helper functions to support the onboarding flows.

• Enables the agentless integration option in the security_solution_cypress/serverless_config.ts, required for enabling agentless support in the CI for Cypress Security Serverless E2E tests.

  • The change is needed because Security Cypress E2E tests use the config when standing up an environment to run the tests labelled with @serverless
  • Note: Local and remote projects created via yarn serverless-security will display the agentless option in agentless-enabled integrations.
  • This feature flag is currently injected in Serverless projects and ECH deployments.

BuildKite Logs

• https://buildkite.com/organizations/elastic/pipelines/kibana-pull-request/builds/307864/jobs/01976453-0149-4a51-8c16-ba84ae81019d/log#257-1814
• https://buildkite.com/organizations/elastic/pipelines/kibana-pull-request/builds/307864/jobs/01976453-0149-4a51-8c16-ba84ae81019d/log#257-3193

Checklist

• Unit or functional tests were updated or added to match the most common scenarios
• Flaky Test Runner was used on any tests changed

Related Issues

• https://github.com/elastic/security-team/issues/12742
• https://github.com/elastic/security-team/issues/12743
• https://github.com/elastic/security-team/issues/12744

[Copilot]

Pull Request Overview

This pull request adds new E2E tests for the Cloud Asset Discovery onboarding for AWS and extends existing test helper methods. Key changes include:

• Adding new Cypress scripts for asset inventory tests in package.json.
• Introducing a new navigation URL constant for the asset inventory integration.
• Creating several new helper functions and comprehensive E2E tests in asset_inventory_onboarding_aws.cy.ts.

Reviewed Changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
x-pack/test/security_solution_cypress/package.json	Added Cypress script for asset inventory integration tests
x-pack/test/security_solution_cypress/cypress/urls/navigation.ts	Added new URL constant for asset inventory integration
x-pack/test/security_solution_cypress/cypress/helpers/common.ts	Added new helper functions for common assertions
x-pack/test/security_solution_cypress/cypress/e2e/asset_inventory/constants.ts	Added constants to support asset inventory tests
x-pack/test/security_solution_cypress/cypress/e2e/asset_inventory/asset_inventory_onboarding_aws.cy.ts	Added comprehensive AWS onboarding tests for asset inventory

Comments suppressed due to low confidence (4)

x-pack/test/security_solution_cypress/cypress/urls/navigation.ts:104

• For consistency with other URL constants, consider prefixing ASSET_INVENTORY_INTEGRATION_URL with a '/' to ensure uniformity in route paths.

export const ASSET_INVENTORY_INTEGRATION_URL = 'app/fleet/integrations/cloud_asset_inventory/add-integration';

x-pack/test/security_solution_cypress/cypress/e2e/asset_inventory/asset_inventory_onboarding_aws.cy.ts:144

• [nitpick] Consider enabling the assertion for SECRET_KEY to verify that the secret key input is correctly processed, or remove the commented code if it is no longer required.

// checkInputValue(SECRET_KEY, testSecretKey);

x-pack/test/security_solution_cypress/cypress/e2e/asset_inventory/asset_inventory_onboarding_aws.cy.ts:185

• [nitpick] Consider enabling the assertion for TEMPORARY_KEY_SECRET_KEY to ensure that the temporary secret key value is being handled as expected, or remove the commented code if unneeded.

// checkInputValue(TEMPORARY_KEY_SECRET_KEY, testSecretKey);

x-pack/test/security_solution_cypress/cypress/e2e/asset_inventory/asset_inventory_onboarding_aws.cy.ts:224

• [nitpick] Consider enabling the secret key assertion in the shared credentials test to ensure comprehensive validation of the integration configuration, or remove the commented line if it is redundant.

// checkInputValue(TEMPORARY_KEY_SECRET_KEY, testSecretKey);

[elasticmachine]

Pinging @elastic/kibana-cloud-security-posture (Team:Cloud Security)

[opauloh]

LGTM 💯

[kibanamachine]

Flaky Test Runner Stats

🎉 All tests passed! - kibana-flaky-test-suite-runner#8374

[✅] Asset Inventory - Cypress: 25/25 tests passed.

see run history

[azasypkin]

Changes in config/serverless.security.yml LGTM.

That being said, enabling fleet.agentless functionality in serverless, which might potentially be a significant change in available functionality, doesn't really correspond to the PR title "Cloud Asset Discovery onboarding E2E tests - AWS/GCP" that implies the change is test-only.

[seanrathier]

@azasypkin, @maxcold

I've updated the title and added more context about the config change.

[afharo]

Config changes LGTM

[semd]

LGTM!

[vgomez-el]

Great work on these onboarding E2E tests!
As a suggestion, consider using our Cypress design patterns—specifically, moving UI selectors into a /screens folder and reusable actions into /tasks. This makes tests easier to maintain and scale as the suite grows.

You can see screens examples here.

And tasks examples here

Let me know if you want any pointers—happy to help!

[seanrathier]

@vgomez-el I updated the locations of the tests to screens and tasks

[elasticmachine]

💚 Build Succeeded

• Buildkite Build
• Commit: 3799641

Metrics [docs]

✅ unchanged

History

• 💛 Build #313691 was flaky 8cb3ef1
• 💔 Build #313550 failed f3aeda8
• 💚 Build #313103 succeeded 828551f
• 💚 Build #308497 succeeded eb29551
• 💔 Build #308487 failed 0d5cecf
• 💚 Build #308068 succeeded 537f74e

[vgomez-el]

LGTM!