elasticmachine
commented
1 week ago Pinging @elastic/security-detections-response (Team:Detections and Resp)
Open yctercero opened 1 week ago
elasticmachine
commented
1 week ago Pinging @elastic/security-detections-response (Team:Detections and Resp)
elasticmachine
commented
1 week ago Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)
elasticmachine
commented
1 week ago Pinging @elastic/security-detection-engine (Team:Detection Engine)
Summary
A number of our tests (FTRs) make use of utils that manually refresh internal indices. This is ok when running them in ESS, but not when running them in Serverless. In Serverless, the
superuserrole does not have sufficient privileges to execute such actions on internal indices.We can consider elevating the privileges of our test user, but that would make me worry that we may be moving our tests a bit further away from the "true" behavior.
Examples:
x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/prebuilt_rules/create_prebuilt_rule_saved_objects.tsx-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/prebuilt_rules/install_prebuilt_rules_and_timelines.tsAction needed
Determine if there is best practice for conducting actions in tests that users may be blocked from in Serverless environment. Is it absolutely necessary? Could we do without it?