[Security Solution] Fix real prebuilt rules package related flakiness in integration tests#227689
Merged
maximpn merged 5 commits intoelastic:mainfrom Jul 21, 2025
Conversation
Contributor
Flaky Test Runner Stats🎉 All tests passed! - kibana-flaky-test-suite-runner#8627[✅] x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/configs/ess.config.ts: 200/200 tests passed. |
c7e7dd4 to
0eb0bea
Compare
Contributor
Flaky Test Runner Stats🎉 All tests passed! - kibana-flaky-test-suite-runner#8642[✅] x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/configs/serverless.config.ts: 200/200 tests passed. |
0eb0bea to
1023909
Compare
Contributor
💚 Build Succeeded
Metrics [docs]
History
cc @maximpn |
Contributor
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
Contributor
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
Contributor
|
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management) |
xcrzx
approved these changes
Jul 17, 2025
Contributor
xcrzx
left a comment
There was a problem hiding this comment.
LGTM! Just a few minor comments
Comment on lines
+59
to
+60
| beforeAll: | ||
| rootHooks?.beforeAll && !skipRootHooks ? () => rootHooks.beforeAll(providers) : undefined, |
Contributor
There was a problem hiding this comment.
How would the error messages look when a root hook fails?
I’m wondering if we need to add some logging here for better debuggability. Something like:
Suggested change
| beforeAll: | |
| rootHooks?.beforeAll && !skipRootHooks ? () => rootHooks.beforeAll(providers) : undefined, | |
| beforeAll: | |
| rootHooks?.beforeAll && !skipRootHooks | |
| ? async () => { | |
| try { | |
| log.info('Executing rootHooks.beforeAll...'); | |
| await rootHooks.beforeAll(providers); | |
| log.success('rootHooks.beforeAll completed successfully'); | |
| } catch (error) { | |
| log.error(`rootHooks.beforeAll failed: ${error?.message}`); | |
| throw error; | |
| } | |
| } | |
| : undefined, |
Contributor
There was a problem hiding this comment.
good point. If there is no default error handling, we need something like this.
Contributor
Author
There was a problem hiding this comment.
Mocha logs root hooks execution. You may see entries like "before all" hook in "{root}". On top of that error in root hooks get caught and shown. The format seems matching test suite before/beforeEach/...
- Example of a test error in
beforeAll(locally)
info Only running suites (and their sub-suites) if they include the tag(s): [
'x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/export_prebuilt_rules.ts'
]
info Starting tests
└-> "before all" hook in "{root}"
└- ✖ fail: "before all" hook in "{root}"
│ Error: Test error
│ at Object.beforeAll (config.base.ts:138:19)
│ at Context._mocha.default.rootHooks.beforeAll (setup_mocha.ts:60:66)
│ at processImmediate (node:internal/timers:485:21)
│
│
│
│0 passing (3ms)
│1 failing
│
│1) "before all" hook in "{root}":
│
│ Error: Test error
│ at Object.beforeAll (config.base.ts:138:19)
│ at Context._mocha.default.rootHooks.beforeAll (setup_mocha.ts:60:66)
│ at processImmediate (node:internal/timers:485:21)
- Example of a successful run (locally)
info Only running suites (and their sub-suites) if they include the tag(s): [
'x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/export_prebuilt_rules.ts'
]
info Starting tests
└-> "before all" hook in "{root}"
│ info Installing mock prebuilt rules package...
│ succ Mock prebuilt rules package has been installed
└-: Rules Management - Prebuilt Rules (Common tests)
└-> "before all" hook: beforeTestSuite.trigger in "Rules Management - Prebuilt Rules (Common tests)"
└-: @ess @serverless @skipInServerlessMKI Export prebuilt rules
└-> "before all" hook: beforeTestSuite.trigger for "exports prebuilt rules by rule_ids via the _export API"
└-> exports prebuilt rules by rule_ids via the _export API
└-> "before each" hook: global before each for "exports prebuilt rules by rule_ids via the _export API"
└-> "before each" hook for "exports prebuilt rules by rule_ids via the _export API"
└- ✓ pass (1.5s)
- Example of a successful run (CI)
└-> "before all" hook in "{root}"
--
| └-: Rules Management - Rule import export API
| └-> "before all" hook: beforeTestSuite.trigger in "Rules Management - Rule import export API"
| └-: @ess @serverless @skipInServerlessMKI import_rules
| └-> "before all" hook: beforeTestSuite.trigger in "@ess @serverless @skipInServerlessMKI import_rules"
| └-: threshold validation
| └-> "before all" hook: beforeTestSuite.trigger for "should result in partial success if no threshold-specific fields are provided"
| └-> should result in partial success if no threshold-specific fields are provided
| └-> "before each" hook: global before each for "should result in partial success if no threshold-specific fields are provided"
| └-> "before each" hook for "should result in partial success if no threshold-specific fields are provided"
| └- ✓ pass (64ms)
Comment on lines
+50
to
+53
| after(async () => { | ||
| await deleteAllPrebuiltRuleAssets(es, log); | ||
| await deleteAllRules(supertest, log); | ||
| }); |
Contributor
There was a problem hiding this comment.
Do we need this after cleanup? Cleaning data after execution isn’t very reliable, a test might never execute after due to errors or timeouts. Tests should always prefer before and beforeEach for cleanup and preparing expected state prior to execution, rather than relying on other tests to clean up after themselves.
kibanamachine
added a commit
that referenced
this pull request
Jul 21, 2025
…akiness in integration tests (#227689) (#228777) # Backport This will backport the following commits from `main` to `8.19`: - [[Security Solution] Fix real prebuilt rules package related flakiness in integration tests (#227689)](#227689) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Maxim Palenov","email":"maxim.palenov@elastic.co"},"sourceCommit":{"committedDate":"2025-07-21T12:42:34Z","message":"[Security Solution] Fix real prebuilt rules package related flakiness in integration tests (#227689)\n\n**Resolves: https://github.com/elastic/kibana/issues/220333**\n**Resolves: https://github.com/elastic/kibana/issues/227571**\n**Resolves: https://github.com/elastic/kibana/issues/219407**\n\n## Summary\n\nThis PR fixes flakiness caused by the real prebuilt rules package installation.\n\n## Details\n\nMultiple Rule Management API endpoints install the prebuilt rules package under the hood when it's not installed. In normal case this installation happens from the EPR. The problem is that EPR might be unavailable for some period of time or there network issues blocking EPR access. On top of that real package is heavy and requires some time and resources to be installed. While the major part of our functionality doesn't depend on the real prebuilt rules package and the concrete rules there. On top of that API endpoints depending on the real prebuilt rules package fail with HTTP 500 error when EPR is unavailable.\n\nThis PR extends the Functional Test Runner with `rootHooks.beforeAll` configuration option which is used to install a lightweight mock prebuilt rules package. This action prevents real package installation make the tests much more predictable.\n\n## Flaky test runner\n\n- ✅ [ECH import custom rules integration tests (200 runs)](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/8627)\n- ✅ [Serverless import custom rules integration tests (200 runs)](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/8642)","sha":"76908c5fa09ecdca5b7df5458e2a4cc1fba330c9","branchLabelMapping":{"^v9.2.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["test","release_note:skip","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","backport:version","v9.1.0","v8.19.0","v9.2.0","v8.18.4","v9.0.4"],"title":"[Security Solution] Fix real prebuilt rules package related flakiness in integration tests","number":227689,"url":"https://github.com/elastic/kibana/pull/227689","mergeCommit":{"message":"[Security Solution] Fix real prebuilt rules package related flakiness in integration tests (#227689)\n\n**Resolves: https://github.com/elastic/kibana/issues/220333**\n**Resolves: https://github.com/elastic/kibana/issues/227571**\n**Resolves: https://github.com/elastic/kibana/issues/219407**\n\n## Summary\n\nThis PR fixes flakiness caused by the real prebuilt rules package installation.\n\n## Details\n\nMultiple Rule Management API endpoints install the prebuilt rules package under the hood when it's not installed. In normal case this installation happens from the EPR. The problem is that EPR might be unavailable for some period of time or there network issues blocking EPR access. On top of that real package is heavy and requires some time and resources to be installed. While the major part of our functionality doesn't depend on the real prebuilt rules package and the concrete rules there. On top of that API endpoints depending on the real prebuilt rules package fail with HTTP 500 error when EPR is unavailable.\n\nThis PR extends the Functional Test Runner with `rootHooks.beforeAll` configuration option which is used to install a lightweight mock prebuilt rules package. This action prevents real package installation make the tests much more predictable.\n\n## Flaky test runner\n\n- ✅ [ECH import custom rules integration tests (200 runs)](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/8627)\n- ✅ [Serverless import custom rules integration tests (200 runs)](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/8642)","sha":"76908c5fa09ecdca5b7df5458e2a4cc1fba330c9"}},"sourceBranch":"main","suggestedTargetBranches":["9.1","8.19","8.18","9.0"],"targetPullRequestStates":[{"branch":"9.1","label":"v9.1.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.19","label":"v8.19.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.2.0","branchLabelMappingKey":"^v9.2.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/227689","number":227689,"mergeCommit":{"message":"[Security Solution] Fix real prebuilt rules package related flakiness in integration tests (#227689)\n\n**Resolves: https://github.com/elastic/kibana/issues/220333**\n**Resolves: https://github.com/elastic/kibana/issues/227571**\n**Resolves: https://github.com/elastic/kibana/issues/219407**\n\n## Summary\n\nThis PR fixes flakiness caused by the real prebuilt rules package installation.\n\n## Details\n\nMultiple Rule Management API endpoints install the prebuilt rules package under the hood when it's not installed. In normal case this installation happens from the EPR. The problem is that EPR might be unavailable for some period of time or there network issues blocking EPR access. On top of that real package is heavy and requires some time and resources to be installed. While the major part of our functionality doesn't depend on the real prebuilt rules package and the concrete rules there. On top of that API endpoints depending on the real prebuilt rules package fail with HTTP 500 error when EPR is unavailable.\n\nThis PR extends the Functional Test Runner with `rootHooks.beforeAll` configuration option which is used to install a lightweight mock prebuilt rules package. This action prevents real package installation make the tests much more predictable.\n\n## Flaky test runner\n\n- ✅ [ECH import custom rules integration tests (200 runs)](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/8627)\n- ✅ [Serverless import custom rules integration tests (200 runs)](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/8642)","sha":"76908c5fa09ecdca5b7df5458e2a4cc1fba330c9"}},{"branch":"8.18","label":"v8.18.4","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"9.0","label":"v9.0.4","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Maxim Palenov <maxim.palenov@elastic.co>
maximpn
added a commit
to maximpn/kibana
that referenced
this pull request
Jul 21, 2025
… in integration tests (elastic#227689) **Resolves: elastic#220333 **Resolves: elastic#227571 **Resolves: elastic#219407 ## Summary This PR fixes flakiness caused by the real prebuilt rules package installation. ## Details Multiple Rule Management API endpoints install the prebuilt rules package under the hood when it's not installed. In normal case this installation happens from the EPR. The problem is that EPR might be unavailable for some period of time or there network issues blocking EPR access. On top of that real package is heavy and requires some time and resources to be installed. While the major part of our functionality doesn't depend on the real prebuilt rules package and the concrete rules there. On top of that API endpoints depending on the real prebuilt rules package fail with HTTP 500 error when EPR is unavailable. This PR extends the Functional Test Runner with `rootHooks.beforeAll` configuration option which is used to install a lightweight mock prebuilt rules package. This action prevents real package installation make the tests much more predictable. ## Flaky test runner - ✅ [ECH import custom rules integration tests (200 runs)](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/8627) - ✅ [Serverless import custom rules integration tests (200 runs)](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/8642) (cherry picked from commit 76908c5) # Conflicts: # x-pack/test/security_solution_api_integration/config/ess/config.base.ts # x-pack/test/security_solution_api_integration/config/serverless/config.base.ts
Contributor
Author
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
1 task
kibanamachine
added a commit
that referenced
this pull request
Jul 22, 2025
…kiness in integration tests (#227689) (#228778) # Backport This will backport the following commits from `main` to `9.0`: - [[Security Solution] Fix real prebuilt rules package related flakiness in integration tests (#227689)](#227689) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Maxim Palenov","email":"maxim.palenov@elastic.co"},"sourceCommit":{"committedDate":"2025-07-21T12:42:34Z","message":"[Security Solution] Fix real prebuilt rules package related flakiness in integration tests (#227689)\n\n**Resolves: https://github.com/elastic/kibana/issues/220333**\n**Resolves: https://github.com/elastic/kibana/issues/227571**\n**Resolves: https://github.com/elastic/kibana/issues/219407**\n\n## Summary\n\nThis PR fixes flakiness caused by the real prebuilt rules package installation.\n\n## Details\n\nMultiple Rule Management API endpoints install the prebuilt rules package under the hood when it's not installed. In normal case this installation happens from the EPR. The problem is that EPR might be unavailable for some period of time or there network issues blocking EPR access. On top of that real package is heavy and requires some time and resources to be installed. While the major part of our functionality doesn't depend on the real prebuilt rules package and the concrete rules there. On top of that API endpoints depending on the real prebuilt rules package fail with HTTP 500 error when EPR is unavailable.\n\nThis PR extends the Functional Test Runner with `rootHooks.beforeAll` configuration option which is used to install a lightweight mock prebuilt rules package. This action prevents real package installation make the tests much more predictable.\n\n## Flaky test runner\n\n- ✅ [ECH import custom rules integration tests (200 runs)](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/8627)\n- ✅ [Serverless import custom rules integration tests (200 runs)](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/8642)","sha":"76908c5fa09ecdca5b7df5458e2a4cc1fba330c9","branchLabelMapping":{"^v9.2.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["test","release_note:skip","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","backport:version","v9.1.0","v8.19.0","v9.2.0","v8.18.4","v9.0.4"],"title":"[Security Solution] Fix real prebuilt rules package related flakiness in integration tests","number":227689,"url":"https://github.com/elastic/kibana/pull/227689","mergeCommit":{"message":"[Security Solution] Fix real prebuilt rules package related flakiness in integration tests (#227689)\n\n**Resolves: https://github.com/elastic/kibana/issues/220333**\n**Resolves: https://github.com/elastic/kibana/issues/227571**\n**Resolves: https://github.com/elastic/kibana/issues/219407**\n\n## Summary\n\nThis PR fixes flakiness caused by the real prebuilt rules package installation.\n\n## Details\n\nMultiple Rule Management API endpoints install the prebuilt rules package under the hood when it's not installed. In normal case this installation happens from the EPR. The problem is that EPR might be unavailable for some period of time or there network issues blocking EPR access. On top of that real package is heavy and requires some time and resources to be installed. While the major part of our functionality doesn't depend on the real prebuilt rules package and the concrete rules there. On top of that API endpoints depending on the real prebuilt rules package fail with HTTP 500 error when EPR is unavailable.\n\nThis PR extends the Functional Test Runner with `rootHooks.beforeAll` configuration option which is used to install a lightweight mock prebuilt rules package. This action prevents real package installation make the tests much more predictable.\n\n## Flaky test runner\n\n- ✅ [ECH import custom rules integration tests (200 runs)](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/8627)\n- ✅ [Serverless import custom rules integration tests (200 runs)](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/8642)","sha":"76908c5fa09ecdca5b7df5458e2a4cc1fba330c9"}},"sourceBranch":"main","suggestedTargetBranches":["9.1","8.19","8.18","9.0"],"targetPullRequestStates":[{"branch":"9.1","label":"v9.1.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.19","label":"v8.19.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.2.0","branchLabelMappingKey":"^v9.2.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/227689","number":227689,"mergeCommit":{"message":"[Security Solution] Fix real prebuilt rules package related flakiness in integration tests (#227689)\n\n**Resolves: https://github.com/elastic/kibana/issues/220333**\n**Resolves: https://github.com/elastic/kibana/issues/227571**\n**Resolves: https://github.com/elastic/kibana/issues/219407**\n\n## Summary\n\nThis PR fixes flakiness caused by the real prebuilt rules package installation.\n\n## Details\n\nMultiple Rule Management API endpoints install the prebuilt rules package under the hood when it's not installed. In normal case this installation happens from the EPR. The problem is that EPR might be unavailable for some period of time or there network issues blocking EPR access. On top of that real package is heavy and requires some time and resources to be installed. While the major part of our functionality doesn't depend on the real prebuilt rules package and the concrete rules there. On top of that API endpoints depending on the real prebuilt rules package fail with HTTP 500 error when EPR is unavailable.\n\nThis PR extends the Functional Test Runner with `rootHooks.beforeAll` configuration option which is used to install a lightweight mock prebuilt rules package. This action prevents real package installation make the tests much more predictable.\n\n## Flaky test runner\n\n- ✅ [ECH import custom rules integration tests (200 runs)](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/8627)\n- ✅ [Serverless import custom rules integration tests (200 runs)](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/8642)","sha":"76908c5fa09ecdca5b7df5458e2a4cc1fba330c9"}},{"branch":"8.18","label":"v8.18.4","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"9.0","label":"v9.0.4","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Maxim Palenov <maxim.palenov@elastic.co>
Bluefinger
pushed a commit
to Bluefinger/kibana
that referenced
this pull request
Jul 22, 2025
… in integration tests (elastic#227689) **Resolves: elastic#220333 **Resolves: elastic#227571 **Resolves: elastic#219407 ## Summary This PR fixes flakiness caused by the real prebuilt rules package installation. ## Details Multiple Rule Management API endpoints install the prebuilt rules package under the hood when it's not installed. In normal case this installation happens from the EPR. The problem is that EPR might be unavailable for some period of time or there network issues blocking EPR access. On top of that real package is heavy and requires some time and resources to be installed. While the major part of our functionality doesn't depend on the real prebuilt rules package and the concrete rules there. On top of that API endpoints depending on the real prebuilt rules package fail with HTTP 500 error when EPR is unavailable. This PR extends the Functional Test Runner with `rootHooks.beforeAll` configuration option which is used to install a lightweight mock prebuilt rules package. This action prevents real package installation make the tests much more predictable. ## Flaky test runner - ✅ [ECH import custom rules integration tests (200 runs)](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/8627) - ✅ [Serverless import custom rules integration tests (200 runs)](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/8642)
maximpn
added a commit
that referenced
this pull request
Jul 23, 2025
…akiness in integration tests (#227689) (#228814) # Backport This will backport the following commits from `main` to `8.18`: - [[Security Solution] Fix real prebuilt rules package related flakiness in integration tests (#227689)](#227689) <!--- Backport version: 10.0.1 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Maxim Palenov","email":"maxim.palenov@elastic.co"},"sourceCommit":{"committedDate":"2025-07-21T12:42:34Z","message":"[Security Solution] Fix real prebuilt rules package related flakiness in integration tests (#227689)\n\n**Resolves: https://github.com/elastic/kibana/issues/220333**\n**Resolves: https://github.com/elastic/kibana/issues/227571**\n**Resolves: https://github.com/elastic/kibana/issues/219407**\n\n## Summary\n\nThis PR fixes flakiness caused by the real prebuilt rules package installation.\n\n## Details\n\nMultiple Rule Management API endpoints install the prebuilt rules package under the hood when it's not installed. In normal case this installation happens from the EPR. The problem is that EPR might be unavailable for some period of time or there network issues blocking EPR access. On top of that real package is heavy and requires some time and resources to be installed. While the major part of our functionality doesn't depend on the real prebuilt rules package and the concrete rules there. On top of that API endpoints depending on the real prebuilt rules package fail with HTTP 500 error when EPR is unavailable.\n\nThis PR extends the Functional Test Runner with `rootHooks.beforeAll` configuration option which is used to install a lightweight mock prebuilt rules package. This action prevents real package installation make the tests much more predictable.\n\n## Flaky test runner\n\n- ✅ [ECH import custom rules integration tests (200 runs)](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/8627)\n- ✅ [Serverless import custom rules integration tests (200 runs)](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/8642)","sha":"76908c5fa09ecdca5b7df5458e2a4cc1fba330c9","branchLabelMapping":{"^v9.2.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["test","release_note:skip","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","backport:version","v9.1.0","v8.19.0","v9.2.0","v8.18.4","v9.0.4"],"title":"[Security Solution] Fix real prebuilt rules package related flakiness in integration tests","number":227689,"url":"https://github.com/elastic/kibana/pull/227689","mergeCommit":{"message":"[Security Solution] Fix real prebuilt rules package related flakiness in integration tests (#227689)\n\n**Resolves: https://github.com/elastic/kibana/issues/220333**\n**Resolves: https://github.com/elastic/kibana/issues/227571**\n**Resolves: https://github.com/elastic/kibana/issues/219407**\n\n## Summary\n\nThis PR fixes flakiness caused by the real prebuilt rules package installation.\n\n## Details\n\nMultiple Rule Management API endpoints install the prebuilt rules package under the hood when it's not installed. In normal case this installation happens from the EPR. The problem is that EPR might be unavailable for some period of time or there network issues blocking EPR access. On top of that real package is heavy and requires some time and resources to be installed. While the major part of our functionality doesn't depend on the real prebuilt rules package and the concrete rules there. On top of that API endpoints depending on the real prebuilt rules package fail with HTTP 500 error when EPR is unavailable.\n\nThis PR extends the Functional Test Runner with `rootHooks.beforeAll` configuration option which is used to install a lightweight mock prebuilt rules package. This action prevents real package installation make the tests much more predictable.\n\n## Flaky test runner\n\n- ✅ [ECH import custom rules integration tests (200 runs)](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/8627)\n- ✅ [Serverless import custom rules integration tests (200 runs)](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/8642)","sha":"76908c5fa09ecdca5b7df5458e2a4cc1fba330c9"}},"sourceBranch":"main","suggestedTargetBranches":["8.18"],"targetPullRequestStates":[{"branch":"9.1","label":"v9.1.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/228779","number":228779,"state":"MERGED","mergeCommit":{"sha":"67927486cfb64e83f106c715d1e8c9ac33df477a","message":"[9.1] [Security Solution] Fix real prebuilt rules package related flakiness in integration tests (#227689) (#228779)\n\n# Backport\n\nThis will backport the following commits from `main` to `9.1`:\n- [[Security Solution] Fix real prebuilt rules package related flakiness\nin integration tests\n(#227689)](https://github.com/elastic/kibana/pull/227689)\n\n\n\n### Questions ?\nPlease refer to the [Backport tool\ndocumentation](https://github.com/sorenlouv/backport)\n\n\n\nCo-authored-by: Maxim Palenov <maxim.palenov@elastic.co>"}},{"branch":"8.19","label":"v8.19.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/228777","number":228777,"state":"MERGED","mergeCommit":{"sha":"dc37476f1470baad79170f51edee9a432bb6123c","message":"[8.19] [Security Solution] Fix real prebuilt rules package related flakiness in integration tests (#227689) (#228777)\n\n# Backport\n\nThis will backport the following commits from `main` to `8.19`:\n- [[Security Solution] Fix real prebuilt rules package related flakiness\nin integration tests\n(#227689)](https://github.com/elastic/kibana/pull/227689)\n\n\n\n### Questions ?\nPlease refer to the [Backport tool\ndocumentation](https://github.com/sorenlouv/backport)\n\n\n\nCo-authored-by: Maxim Palenov <maxim.palenov@elastic.co>"}},{"branch":"main","label":"v9.2.0","branchLabelMappingKey":"^v9.2.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/227689","number":227689,"mergeCommit":{"message":"[Security Solution] Fix real prebuilt rules package related flakiness in integration tests (#227689)\n\n**Resolves: https://github.com/elastic/kibana/issues/220333**\n**Resolves: https://github.com/elastic/kibana/issues/227571**\n**Resolves: https://github.com/elastic/kibana/issues/219407**\n\n## Summary\n\nThis PR fixes flakiness caused by the real prebuilt rules package installation.\n\n## Details\n\nMultiple Rule Management API endpoints install the prebuilt rules package under the hood when it's not installed. In normal case this installation happens from the EPR. The problem is that EPR might be unavailable for some period of time or there network issues blocking EPR access. On top of that real package is heavy and requires some time and resources to be installed. While the major part of our functionality doesn't depend on the real prebuilt rules package and the concrete rules there. On top of that API endpoints depending on the real prebuilt rules package fail with HTTP 500 error when EPR is unavailable.\n\nThis PR extends the Functional Test Runner with `rootHooks.beforeAll` configuration option which is used to install a lightweight mock prebuilt rules package. This action prevents real package installation make the tests much more predictable.\n\n## Flaky test runner\n\n- ✅ [ECH import custom rules integration tests (200 runs)](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/8627)\n- ✅ [Serverless import custom rules integration tests (200 runs)](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/8642)","sha":"76908c5fa09ecdca5b7df5458e2a4cc1fba330c9"}},{"branch":"8.18","label":"v8.18.4","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"9.0","label":"v9.0.4","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/228778","number":228778,"state":"OPEN"}]}] BACKPORT-->
kertal
pushed a commit
to kertal/kibana
that referenced
this pull request
Jul 25, 2025
… in integration tests (elastic#227689) **Resolves: elastic#220333 **Resolves: elastic#227571 **Resolves: elastic#219407 ## Summary This PR fixes flakiness caused by the real prebuilt rules package installation. ## Details Multiple Rule Management API endpoints install the prebuilt rules package under the hood when it's not installed. In normal case this installation happens from the EPR. The problem is that EPR might be unavailable for some period of time or there network issues blocking EPR access. On top of that real package is heavy and requires some time and resources to be installed. While the major part of our functionality doesn't depend on the real prebuilt rules package and the concrete rules there. On top of that API endpoints depending on the real prebuilt rules package fail with HTTP 500 error when EPR is unavailable. This PR extends the Functional Test Runner with `rootHooks.beforeAll` configuration option which is used to install a lightweight mock prebuilt rules package. This action prevents real package installation make the tests much more predictable. ## Flaky test runner - ✅ [ECH import custom rules integration tests (200 runs)](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/8627) - ✅ [Serverless import custom rules integration tests (200 runs)](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/8642)
crespocarlos
pushed a commit
to crespocarlos/kibana
that referenced
this pull request
Jul 25, 2025
… in integration tests (elastic#227689) **Resolves: elastic#220333 **Resolves: elastic#227571 **Resolves: elastic#219407 ## Summary This PR fixes flakiness caused by the real prebuilt rules package installation. ## Details Multiple Rule Management API endpoints install the prebuilt rules package under the hood when it's not installed. In normal case this installation happens from the EPR. The problem is that EPR might be unavailable for some period of time or there network issues blocking EPR access. On top of that real package is heavy and requires some time and resources to be installed. While the major part of our functionality doesn't depend on the real prebuilt rules package and the concrete rules there. On top of that API endpoints depending on the real prebuilt rules package fail with HTTP 500 error when EPR is unavailable. This PR extends the Functional Test Runner with `rootHooks.beforeAll` configuration option which is used to install a lightweight mock prebuilt rules package. This action prevents real package installation make the tests much more predictable. ## Flaky test runner - ✅ [ECH import custom rules integration tests (200 runs)](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/8627) - ✅ [Serverless import custom rules integration tests (200 runs)](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/8642)
73 tasks
banderror
pushed a commit
that referenced
this pull request
Aug 13, 2025
… reduce flakiness (#229689) **Resolves: #182441 **Resolves: #182442 **Resolves: #228942 **Relates to: #227689 ## Summary This PR installs mock prebuilt rules package for e2e Cypress test to reduce flakniess caused by accessing to the real EPR. It's similar to the mock package installation in integration tests [PR](#227689). **Flaky test runner** - ESS: https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9120 - Serverless: https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9121
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Aug 13, 2025
… reduce flakiness (elastic#229689) **Resolves: elastic#182441 **Resolves: elastic#182442 **Resolves: elastic#228942 **Relates to: elastic#227689 ## Summary This PR installs mock prebuilt rules package for e2e Cypress test to reduce flakniess caused by accessing to the real EPR. It's similar to the mock package installation in integration tests [PR](elastic#227689). **Flaky test runner** - ESS: https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9120 - Serverless: https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9121 (cherry picked from commit 980add1)
banderror
pushed a commit
to banderror/kibana
that referenced
this pull request
Aug 13, 2025
… reduce flakiness (elastic#229689) **Resolves: elastic#182441 **Resolves: elastic#182442 **Resolves: elastic#228942 **Relates to: elastic#227689 ## Summary This PR installs mock prebuilt rules package for e2e Cypress test to reduce flakniess caused by accessing to the real EPR. It's similar to the mock package installation in integration tests [PR](elastic#227689). **Flaky test runner** - ESS: https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9120 - Serverless: https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9121 (cherry picked from commit 980add1) # Conflicts: # x-pack/solutions/security/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/prebuilt_rules/customization/revert_prebuilt_rule.cy.ts # x-pack/solutions/security/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/rule_actions/bulk_actions/bulk_edit_rules_suppression.cy.ts # x-pack/solutions/security/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/rule_actions/bulk_actions/bulk_edit_rules_suppression_basic_ess.cy.ts # x-pack/solutions/security/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/rule_actions/bulk_actions/bulk_edit_rules_suppression_essentials_serverless.cy.ts # x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/prebuilt_rules/customization/rule_customization.cy.ts # x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/prebuilt_rules/installation/install_via_fleet.cy.ts # x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/rule_actions/snoozing/rule_snoozing.cy.ts
banderror
pushed a commit
to banderror/kibana
that referenced
this pull request
Aug 13, 2025
… reduce flakiness (elastic#229689) **Resolves: elastic#182441 **Resolves: elastic#182442 **Resolves: elastic#228942 **Relates to: elastic#227689 ## Summary This PR installs mock prebuilt rules package for e2e Cypress test to reduce flakniess caused by accessing to the real EPR. It's similar to the mock package installation in integration tests [PR](elastic#227689). **Flaky test runner** - ESS: https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9120 - Serverless: https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9121 (cherry picked from commit 980add1) # Conflicts: # x-pack/solutions/security/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/prebuilt_rules/customization/revert_prebuilt_rule.cy.ts # x-pack/solutions/security/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/rule_actions/bulk_actions/bulk_edit_rules_suppression.cy.ts # x-pack/solutions/security/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/rule_actions/bulk_actions/bulk_edit_rules_suppression_basic_ess.cy.ts # x-pack/solutions/security/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/rule_actions/bulk_actions/bulk_edit_rules_suppression_essentials_serverless.cy.ts # x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/prebuilt_rules/customization/rule_customization.cy.ts # x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/prebuilt_rules/installation/install_via_fleet.cy.ts # x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/rule_actions/snoozing/rule_snoozing.cy.ts
banderror
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Aug 13, 2025
… reduce flakiness (elastic#229689) **Resolves: elastic#182441 **Resolves: elastic#182442 **Resolves: elastic#228942 **Relates to: elastic#227689 ## Summary This PR installs mock prebuilt rules package for e2e Cypress test to reduce flakniess caused by accessing to the real EPR. It's similar to the mock package installation in integration tests [PR](elastic#227689). **Flaky test runner** - ESS: https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9120 - Serverless: https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9121 (cherry picked from commit 980add1)
banderror
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Aug 14, 2025
… reduce flakiness (elastic#229689) **Resolves: elastic#182441 **Resolves: elastic#182442 **Resolves: elastic#228942 **Relates to: elastic#227689 ## Summary This PR installs mock prebuilt rules package for e2e Cypress test to reduce flakniess caused by accessing to the real EPR. It's similar to the mock package installation in integration tests [PR](elastic#227689). **Flaky test runner** - ESS: https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9120 - Serverless: https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9121 (cherry picked from commit 980add1)
banderror
pushed a commit
to banderror/kibana
that referenced
this pull request
Aug 14, 2025
… reduce flakiness (elastic#229689) **Resolves: elastic#182441 **Resolves: elastic#182442 **Resolves: elastic#228942 **Relates to: elastic#227689 ## Summary This PR installs mock prebuilt rules package for e2e Cypress test to reduce flakniess caused by accessing to the real EPR. It's similar to the mock package installation in integration tests [PR](elastic#227689). **Flaky test runner** - ESS: https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9120 - Serverless: https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9121 (cherry picked from commit 980add1) # Conflicts: # x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/prebuilt_rules/installation/install_via_fleet.cy.ts # x-pack/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/rule_actions/snoozing/rule_snoozing.cy.ts
fkanout
pushed a commit
to fkanout/kibana
that referenced
this pull request
Aug 14, 2025
… reduce flakiness (elastic#229689) **Resolves: elastic#182441 **Resolves: elastic#182442 **Resolves: elastic#228942 **Relates to: elastic#227689 ## Summary This PR installs mock prebuilt rules package for e2e Cypress test to reduce flakniess caused by accessing to the real EPR. It's similar to the mock package installation in integration tests [PR](elastic#227689). **Flaky test runner** - ESS: https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9120 - Serverless: https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9121
banderror
pushed a commit
to banderror/kibana
that referenced
this pull request
Aug 16, 2025
… reduce flakiness (elastic#229689) **Resolves: elastic#182441 **Resolves: elastic#182442 **Resolves: elastic#228942 **Relates to: elastic#227689 ## Summary This PR installs mock prebuilt rules package for e2e Cypress test to reduce flakniess caused by accessing to the real EPR. It's similar to the mock package installation in integration tests [PR](elastic#227689). **Flaky test runner** - ESS: https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9120 - Serverless: https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9121 (cherry picked from commit 980add1) # Conflicts: # x-pack/solutions/security/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/prebuilt_rules/installation/install_via_fleet.cy.ts # x-pack/solutions/security/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/rule_actions/snoozing/rule_snoozing.cy.ts
banderror
pushed a commit
to banderror/kibana
that referenced
this pull request
Aug 16, 2025
… reduce flakiness (elastic#229689) **Resolves: elastic#182441 **Resolves: elastic#182442 **Resolves: elastic#228942 **Relates to: elastic#227689 ## Summary This PR installs mock prebuilt rules package for e2e Cypress test to reduce flakniess caused by accessing to the real EPR. It's similar to the mock package installation in integration tests [PR](elastic#227689). **Flaky test runner** - ESS: https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9120 - Serverless: https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9121 (cherry picked from commit 980add1)
NicholasPeretti
pushed a commit
to NicholasPeretti/kibana
that referenced
this pull request
Aug 18, 2025
… reduce flakiness (elastic#229689) **Resolves: elastic#182441 **Resolves: elastic#182442 **Resolves: elastic#228942 **Relates to: elastic#227689 ## Summary This PR installs mock prebuilt rules package for e2e Cypress test to reduce flakniess caused by accessing to the real EPR. It's similar to the mock package installation in integration tests [PR](elastic#227689). **Flaky test runner** - ESS: https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9120 - Serverless: https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9121
qn895
pushed a commit
to qn895/kibana
that referenced
this pull request
Aug 26, 2025
… reduce flakiness (elastic#229689) **Resolves: elastic#182441 **Resolves: elastic#182442 **Resolves: elastic#228942 **Relates to: elastic#227689 ## Summary This PR installs mock prebuilt rules package for e2e Cypress test to reduce flakniess caused by accessing to the real EPR. It's similar to the mock package installation in integration tests [PR](elastic#227689). **Flaky test runner** - ESS: https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9120 - Serverless: https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/9121
Merged
1 task
gergoabraham
added a commit
that referenced
this pull request
Jan 26, 2026
…leet!` FTR api tests (#250075) ## Summary This PR fixes the flakiness around creating an Endpoint package policy using `endpointPolicyTestResources.createPolicy()`. When an Endpoint package policy is created, the default rules are installed in the background, which process can be flaky, or, together with other functionalities, simply too slow (i.e. taking more than 2 minutes, causing `socket hang up` error). Therefore, there's a workaround by the Detections team to install a mock `security_detection_engine` package. This fix workaround is applied in the EDR API tests as well. For more info, see the original workaround PR: - #227689 Flaky runner: 25/25 ✅ for all 6 test groups: - artifacts ESS + serverless - artifacts with Endpoint exceptions moved FF enabled ESS + serverless - spaces ESS + serverless https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/10576/steps/canvas fix #249780 fix #249463 fix #249468 fix #248923 fix #248759 fix #248578 fix #248554 fix #247416 fix #247211 fix #246564 fix #246341 fix #246450 fix #246356 fix #246207 ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Jan 26, 2026
…leet!` FTR api tests (elastic#250075) ## Summary This PR fixes the flakiness around creating an Endpoint package policy using `endpointPolicyTestResources.createPolicy()`. When an Endpoint package policy is created, the default rules are installed in the background, which process can be flaky, or, together with other functionalities, simply too slow (i.e. taking more than 2 minutes, causing `socket hang up` error). Therefore, there's a workaround by the Detections team to install a mock `security_detection_engine` package. This fix workaround is applied in the EDR API tests as well. For more info, see the original workaround PR: - elastic#227689 Flaky runner: 25/25 ✅ for all 6 test groups: - artifacts ESS + serverless - artifacts with Endpoint exceptions moved FF enabled ESS + serverless - spaces ESS + serverless https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/10576/steps/canvas fix elastic#249780 fix elastic#249463 fix elastic#249468 fix elastic#248923 fix elastic#248759 fix elastic#248578 fix elastic#248554 fix elastic#247416 fix elastic#247211 fix elastic#246564 fix elastic#246341 fix elastic#246450 fix elastic#246356 fix elastic#246207 ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed (cherry picked from commit d36d440)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Resolves: #220333
Resolves: #227571
Resolves: #219407
Summary
This PR fixes flakiness caused by the real prebuilt rules package installation.
Details
Multiple Rule Management API endpoints install the prebuilt rules package under the hood when it's not installed. In normal case this installation happens from the EPR. The problem is that EPR might be unavailable for some period of time or there network issues blocking EPR access. On top of that real package is heavy and requires some time and resources to be installed. While the major part of our functionality doesn't depend on the real prebuilt rules package and the concrete rules there. On top of that API endpoints depending on the real prebuilt rules package fail with HTTP 500 error when EPR is unavailable.
This PR extends the Functional Test Runner with
rootHooks.beforeAllconfiguration option which is used to install a lightweight mock prebuilt rules package. This action prevents real package installation make the tests much more predictable.Flaky test runner