Contributor

@moxarth-rathod moxarth-rathod commented Dec 23, 2025

Proposed commit message

This PR adds system tests for previously untested input types in integrations. Some integrations
support multiple input types (e.g., cloud-based and API-based), but system tests were missing
for some of these inputs. 

The following integrations now include system tests for the missing input types:

- add httpjson system test:
blacklens

- add CEL system test:
checkpoint_harmony_endpoint

- add AWS system test:
cloudflare_logpush

- add azure blob storage system test:
symantec_endpoint_security

- add GCS system test:
cloudflare_logpush
symantec_endpoint_security

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Related issues

@moxarth-rathod moxarth-rathod self-assigned this Dec 23, 2025
@moxarth-rathod moxarth-rathod added the enhancement New feature or request label Dec 23, 2025
@moxarth-rathod moxarth-rathod requested a review from a team as a code owner December 23, 2025 09:17
@moxarth-rathod moxarth-rathod added Integration:cloudflare_logpush Cloudflare Logpush Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] Integration:symantec_endpoint_security Symantec Endpoint Security Integration:checkpoint_harmony_endpoint Check Point Harmony Endpoint Integration:blacklens blacklens.io (Community supported) Team:Sit-Crest Crest developers on the Security Integrations team [elastic/sit-crest-contractors] labels Dec 23, 2025
@elasticmachine

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@elasticmachine

💚 Build Succeeded

cc @moxarth-rathod

@kcreddy kcreddy self-requested a review December 26, 2025 05:39
@@ -1,3 +1,4 @@
deployer: tf
Contributor

@kcreddy kcreddy Dec 26, 2025

Can you fix indentation of assert.hit_count on this file?
Also add another event and update assert.hit_count: 2 (other inputs too)

- name: arn
type: keyword
description: The AWS S3 bucket ARN.
type: flattened
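
Review bot: the `arn` entry shows both `type: keyword` and `type: flattened`, while its description, "The AWS S3 bucket ARN.", is a single string value. `flattened` is meant for whole objects with arbitrary keys, so keep `type: keyword` on this leaf field, or state in the change why it needs a different mapping.
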
Contributor

why change this to flattened?

- name: key
type: keyword
description: The AWS S3 Object key.
type: flattened
Contributor

same here

Comment on lines +33 to +35
type: flattened
- name: storage
type: flattened
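
Review bot: `type: flattened` on `storage` indexes the whole object as one field, so every leaf value under it is treated as a keyword and no subfield can carry its own type or description. List the subfields the system tests rely on with explicit types, and keep `flattened` only for parts whose keys are truly dynamic.
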
Contributor

@kcreddy kcreddy Dec 26, 2025

Can you check azure* integrations and add explicit mappings here instead of flattened?

Contributor Author

I ran into an issue during the elastic package check because adding the required fields in the Beats YAML for system tests pushed the total field count beyond the 2048 limit. To resolve this, I had to flatten some of the fields.

Contributor

You could increase the total_fields.limit setting inside the manifest.yml to get around this: Example

@kcreddy
Contributor

kcreddy commented Dec 26, 2025

@ShourieG, can you please review GCS mock service used in the system tests?

@kcreddy kcreddy requested a review from ShourieG December 26, 2025 12:40
Contributor

@ShourieG ShourieG left a comment

LGTM for now. I will create a Docker image for the mock service and upload it to the Docker registry soon; after that, we can remove the redundant mock service code from all the packages and use the image directly.
