Open yctercero opened 1 week ago
Pinging @elastic/security-detections-response (Team:Detections and Resp)
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)
Pinging @elastic/security-detection-engine (Team:Detection Engine)
Summary
A number of our tests (FTRs) make use of utils that manually refresh internal indices. This is ok when running them in ESS, but not when running them in Serverless. In Serverless, the superuser role does not have sufficient privileges to execute such actions on internal indices. We can consider elevating the privileges of our test user, but that would make me worry that we may be moving our tests a bit further away from the "true" behavior.
Examples:
x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/prebuilt_rules/create_prebuilt_rule_saved_objects.ts
x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/prebuilt_rules/install_prebuilt_rules_and_timelines.ts
Action needed
Determine if there is a best practice for conducting actions in tests that users may be blocked from in a Serverless environment. Is it absolutely necessary? Could we do without it?