[Cloud Security] Cypress Test for Misconfiguration Preview and Table for Contextual Flyout

.github/CODEOWNERS

@@ -1765,6 +1765,7 @@ x-pack/plugins/osquery @elastic/security-defend-workflows
 /x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/components/cloud_security_posture @elastic/fleet @elastic/kibana-cloud-security-posture
 /x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/hooks/setup_technology.* @elastic/fleet @elastic/kibana-cloud-security-posture
 /x-pack/plugins/security_solution/public/cloud_security_posture @elastic/kibana-cloud-security-posture
+/x-pack/test/security_solution_cypress/cypress/e2e/explore/hosts/misconfiguration_contextual_flyout.cy.ts @elastic/kibana-cloud-security-posture
 
 # Security Solution onboarding tour
 /x-pack/plugins/security_solution/public/common/components/guided_onboarding @elastic/security-threat-hunting-explore

x-pack/plugins/cloud_security_posture/README.md

@@ -20,6 +20,7 @@ For general guidelines, read [Kibana Testing Guide](https://www.elastic.co/guide
 1. [End-to-End Tests](../../test/cloud_security_posture_functional/config.ts)
 1. [Serverless API Integration tests](../../test_serverless/api_integration/test_suites/security/config.ts)
 1. [Serverless End-to-End Tests](../../test_serverless/functional/test_suites/security/config.ts)
+1. [Cypress End-to-End Tests (Temporary location)](../../test/security_solution_cypress/cypress/e2e/explore/hosts)
 
 
 ### Tools
@@ -73,6 +74,15 @@ yarn test:ftr --config x-pack/test_serverless/api_integration/test_suites/securi
 yarn test:ftr --config x-pack/test_serverless/functional/test_suites/security/config.cloud_security_posture.ts
 ```
 
+Run [**End-to-End Cypress Tests**](https://github.com/elastic/kibana/tree/main/x-pack/test/security_solution_cypress/cypress):
+> **Note**
+>
+> Run this from security_solution_cypress folder
+```bash
+yarn cypress:open:serverless
+yarn cypress:open:ess
+```
+
 #### Run **FTR tests (integration or e2e) for development**
 
 Functional test runner (FTR) can be used separately with `ftr:runner` and `ftr:server`. This is convenient while developing tests.
@@ -107,4 +117,19 @@ run serverless e2e tests:
 ```bash
 yarn test:ftr:server --config x-pack/test_serverless/functional/test_suites/security/config.cloud_security_posture.ts
 yarn test:ftr:runner ---config x-pack/test_serverless/functional/test_suites/security/config.cloud_security_posture.ts
-```
+```
+
+#### Run **Cypress tests (e2e) for development**
+When developing feature outside our plugin folder, instead of using FTRs for e2e test, we may use Cypress. Before running cypress, make sure you have installed it first. Like FTRs, we can run cypress in different environment, for example:
+
+run ess e2e tests:
+```bash
+yarn cypress:open:ess
+```
+
+run serverless e2e tests:
+```bash
+yarn cypress:open:serverless
+```
+
+Unlike FTR where we have to set server and runner separately, Cypress handles everything in 1 go, so just running the above the script is enough to get it running

x-pack/plugins/security_solution/public/cloud_security_posture/components/csp_details/misconfiguration_findings_details_table.tsx

@@ -188,6 +188,7 @@ export const MisconfigurationFindingsDetailsTable = memo(
             columns={columns}
             pagination={pagination}
             onChange={onTableChange}
+            data-test-subj={'securitySolutionFlyoutMisconfigurationFindingsTable'}
           />
         </EuiPanel>
       </>

x-pack/plugins/security_solution/public/cloud_security_posture/components/misconfiguration/misconfiguration_preview.tsx

@@ -201,6 +201,7 @@ export const MisconfigurationsPreview = ({
         title: (
           <EuiText
             size="xs"
+            data-test-subj={'securitySolutionFlyoutInsightsMisconfigurationsTitleText'}
             css={css`
               font-weight: ${euiTheme.font.weight.semiBold};
             `}

x-pack/test/security_solution_cypress/cypress/e2e/explore/hosts/misconfiguration_contextual_flyout.cy.ts

@@ -0,0 +1,232 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN } from '@kbn/cloud-security-posture-common';
+import { createRule } from '../../../tasks/api_calls/rules';
+import { getNewRule } from '../../../objects/rule';
+import { getDataTestSubjectSelector } from '../../../helpers/common';
+
+import { rootRequest, deleteAlertsAndRules } from '../../../tasks/api_calls/common';
+import {
+  expandFirstAlertHostFlyout,
+  expandFirstAlertUserFlyout,
+} from '../../../tasks/asset_criticality/common';
+import { waitForAlertsToPopulate } from '../../../tasks/create_new_rule';
+import { login } from '../../../tasks/login';
+import { ALERTS_URL } from '../../../urls/navigation';
+import { visit } from '../../../tasks/navigation';
+
+const CSP_INSIGHT_MISCONFIGURATION_TITLE = getDataTestSubjectSelector(
+  'securitySolutionFlyoutInsightsMisconfigurationsTitleText'
+);
+
+const CSP_INSIGHT_TAB_TITLE = getDataTestSubjectSelector('securitySolutionFlyoutInsightInputsTab');
+const CSP_INSIGHT_TABLE = getDataTestSubjectSelector(
+  'securitySolutionFlyoutMisconfigurationFindingsTable'
+);
+const NO_FINDINGS_TEXT = getDataTestSubjectSelector('noFindingsDataTestSubj');
+const timestamp = Date.now();
+
+// Create a Date object using the timestamp
+const date = new Date(timestamp);
+
+// Convert the Date object to ISO 8601 format
+const iso8601String = date.toISOString();
+
+const mockFindingHostName = (matches: boolean) => {
+  return {
+    '@timestamp': iso8601String,
+    host: { name: matches ? 'siem-kibana' : 'not-siem-kibana' },
+    resource: {
+      id: '1234ABCD',
+      name: 'kubelet',
+      sub_type: 'lower case sub type',
+    },
+    result: { evaluation: matches ? 'passed' : 'failed' }, // Adjusting result based on matches
+    rule: {
+      name: 'Upper case rule name',
+      section: 'Upper case section',
+      benchmark: {
+        id: 'cis_k8s',
+        posture_type: 'kspm',
+        name: 'CIS Kubernetes V1.23',
+        version: 'v1.0.0',
+      },
+      type: 'process',
+    },
+    cluster_id: 'Upper case cluster id',
+    data_stream: {
+      dataset: 'cloud_security_posture.findings',
+    },
+  };
+};
+
+const mockFindingUserName = (matches: boolean) => {
+  return {
+    '@timestamp': iso8601String,
+    user: { name: matches ? 'test' : 'not-test' },
+    resource: {
+      id: '1234ABCD',
+      name: 'kubelet',
+      sub_type: 'lower case sub type',
+    },
+    result: { evaluation: matches ? 'passed' : 'failed' }, // Adjusting result based on matches
+    rule: {
+      name: 'Upper case rule name',
+      section: 'Upper case section',
+      benchmark: {
+        id: 'cis_k8s',
+        posture_type: 'kspm',
+        name: 'CIS Kubernetes V1.23',
+        version: 'v1.0.0',
+      },
+      type: 'process',
+    },
+    cluster_id: 'Upper case cluster id',
+    data_stream: {
+      dataset: 'cloud_security_posture.findings',
+    },
+  };
+};
+
+const createMockFinding = (isNameMatches: boolean, findingType: 'host.name' | 'user.name') => {
+  return rootRequest({
+    method: 'POST',
+    url: `${Cypress.env(
+      'ELASTICSEARCH_URL'
+    )}/${CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN}/_doc`,
+    body:
+      findingType === 'host.name'
+        ? mockFindingHostName(isNameMatches)
+        : mockFindingUserName(isNameMatches),
+  });
+};
+
+const deleteDataStream = () => {
+  return rootRequest({
+    method: 'DELETE',
+    url: `${Cypress.env(
+      'ELASTICSEARCH_URL'
+    )}/_data_stream/${CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN}`,
+  });
+};
+
+describe('Alert Host details expandable flyout', { tags: ['@ess', '@serverless'] }, () => {
+  beforeEach(() => {
+    deleteAlertsAndRules();
+    login();
+    createRule(getNewRule());
+    visit(ALERTS_URL);
+    waitForAlertsToPopulate();
+  });
+
+  context('No Misconfiguration Findings', () => {
+    it('should not display Misconfiguration preview under Insights Entities when it does not have Misconfiguration Findings', () => {
+      expandFirstAlertHostFlyout();
+
+      cy.log('check if Misconfiguration preview title is not shown');
+      cy.get(CSP_INSIGHT_MISCONFIGURATION_TITLE).should('not.exist');
+    });
+
+    it('should not display Misconfiguration preview under Insights Entities when it does not have Misconfiguration Findings', () => {
+      expandFirstAlertUserFlyout();
+
+      cy.log('check if Misconfiguration preview title is not shown');
+      cy.get(CSP_INSIGHT_MISCONFIGURATION_TITLE).should('not.exist');
+    });
+  });
+
+  context('Host name - Has misconfiguration findings', () => {
+    beforeEach(() => {
+      createMockFinding(true, 'host.name');
+      cy.reload();
+      expandFirstAlertHostFlyout();
+    });
+
+    afterEach(() => {
+      deleteDataStream();
+    });
+
+    it('should display Misconfiguration preview under Insights Entities when it has Misconfiguration Findings', () => {
+      cy.log('check if Misconfiguration preview title shown');
+      cy.get(CSP_INSIGHT_MISCONFIGURATION_TITLE).should('be.visible');
+    });
+
+    it('should display insight tabs and findings table upon clicking on misconfiguration accordion', () => {
+      cy.contains('Failed findings', { timeout: 3000 });
+      cy.contains('Misconfigurations').click();
+      cy.get(CSP_INSIGHT_TAB_TITLE).should('be.visible');
+      cy.get(CSP_INSIGHT_TABLE).should('be.visible');
+    });
+  });
+
+  context(
+    'Host name - Has misconfiguration findings but host name is not the same as alert host name',
+    () => {
+      beforeEach(() => {
+        createMockFinding(false, 'host.name');
+        cy.reload();
+        expandFirstAlertHostFlyout();
+      });
+
+      afterEach(() => {
+        deleteDataStream();
+      });
+
+      it('should display Misconfiguration preview under Insights Entities when it has Misconfiguration Findings', () => {
+        cy.log('check if Misconfiguration preview title shown');
+        cy.get(CSP_INSIGHT_MISCONFIGURATION_TITLE).should('be.visible');
+        cy.get(NO_FINDINGS_TEXT).should('be.visible');
+      });
+    }
+  );
+
+  context('User name - Has misconfiguration findings', () => {
+    beforeEach(() => {
+      createMockFinding(true, 'user.name');
+      cy.reload();
+      expandFirstAlertUserFlyout();
+    });
+
+    afterEach(() => {
+      deleteDataStream();
+    });
+
+    it('should display Misconfiguration preview under Insights Entities when it has Misconfiguration Findings', () => {
+      cy.log('check if Misconfiguration preview title shown');
+      cy.get(CSP_INSIGHT_MISCONFIGURATION_TITLE).should('be.visible');
+    });
+
+    it('should display insight tabs and findings table upon clicking on misconfiguration accordion', () => {
+      cy.contains('Failed findings', { timeout: 3000 });
+      cy.contains('Misconfigurations').click();
+      cy.get(CSP_INSIGHT_TAB_TITLE).should('be.visible');
+      cy.get(CSP_INSIGHT_TABLE).should('be.visible');
+    });
+  });
+
+  context(
+    'User name - Has misconfiguration findings but host name is not the same as alert host name',
+    () => {
+      beforeEach(() => {
+        createMockFinding(false, 'user.name');
+        cy.reload();
+        expandFirstAlertHostFlyout();
+      });
+
+      afterEach(() => {
+        deleteDataStream();
+      });
+
+      it('should display Misconfiguration preview under Insights Entities when it has Misconfiguration Findings', () => {
+        cy.log('check if Misconfiguration preview title shown');
+        cy.get(CSP_INSIGHT_MISCONFIGURATION_TITLE).should('be.visible');
+        cy.get(NO_FINDINGS_TEXT).should('be.visible');
+      });
+    }
+  );
+});

x-pack/test/security_solution_cypress/cypress/tsconfig.json

@@ -44,5 +44,6 @@
     "@kbn/securitysolution-endpoint-exceptions-common",
     "@kbn/repo-info",
     "@kbn/elastic-assistant-common",
+    "@kbn/cloud-security-posture-common",
   ]
 }