-
Notifications
You must be signed in to change notification settings - Fork 32
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve the Wazuh Indexer ISM policies E2E test with test validation #5771
Comments
We need to discuss if we want to include this in RC 2 or not, as operational the issue can miss the release version, although it is desired to complete it before starting a release testing I propose to set 4.10.0 Alpha 2 as version target instead |
Two agents (Red Hat 8 and Windows 11) will be deployed, along with one manager, to validate those steps and check if the retention policy works properly. |
LGTM! |
The default documentation proposes 90d, we should add a test with a shorter time to be able to check that the changes are really applied and the alerts change storage. |
I suggest that we should follow the next template for the following tests: End-to-End (E2E) Testing Guideline
For the conclusions and the issue testing and updates, use the following legend: Status legend
Issue delivery and completion
Deployment requirements
Test description0. Follow and read documentation links to test ISM policies in Wazuh Indexer:https://documentation-dev.wazuh.com/v4.9.1-rc1/user-manual/wazuh-indexer/index-life-management.html 1. Create a retention policy using visual editor (5m)2. Create a retention policy using json editor (5m)3. Applying the retention policy to alerts index (5m)4. Validate that retention policy, checking the size from the file5. Wazuh agent installationKnown issuesThere are no known issues. ConclusionsSummarize the errors detected (Known Issues included). Illustrate using the table below. REMOVE CURRENT EXAMPLES:
FeedbackWe value your feedback. Please provide insights on your testing experience.
Reviewers validationThe criteria for completing this task is based on the validation of the conclusions and the test results by all reviewers. All the checkboxes below must be marked in order to close this issue.
|
Why is the agent installation useful? We should add a step that generates an alert, and then check the rotation. In addition, the steps guide us to apply the same retention twice, in different ways, but to check them once later. We should check that the policy is applied every time we modify it, and there should be some difference between the two policies so we are sure that they are being applied and the system is not using the previous one. |
Thanks @juliamagan im totally agree with you, so I suggest the test should be like the following: End-to-End (E2E) Testing Guideline
For the conclusions and the issue testing and updates, use the following legend: Status legend
Issue delivery and completion
Deployment requirements
Test description0. Follow and read documentation links to test ISM policies in Wazuh Indexer:https://documentation-dev.wazuh.com/v4.9.1-rc1/user-manual/wazuh-indexer/index-life-management.html 1. Create a retention policy using visual editor (10 m)Create a retention policy using the visual editor of 10 minutes. 2. Create a retention policy using JSON editor (10 m)Create a retention policy using the JSON editor of 10 minutes. 3. Applying the retention policy to alerts indexApply the retention policies from the previous Steps. 4. Generate a new alert.5. Validate that retention policies, checking the alert generated before does not exist.Check the size of the files where the policies were applied, and check that after 10 minutes the size of the files decreases. And the alert generated in Step 4 does not exist. 6. Modify the time of both retention policies (Steps 1 and 2).7. Apply and check that the modified policies workApply and check that the modified policies work, following once again Step 5 with the modified policies. 8. Roll OverKnown issuesThere are no known issues. ConclusionsSummarize the errors detected (Known Issues included). Illustrate using the table below. REMOVE CURRENT EXAMPLES:
FeedbackWe value your feedback. Please provide insights on your testing experience.
Reviewers validationThe criteria for completing this task is based on the validation of the conclusions and the test results by all reviewers. All the checkboxes below must be marked in order to close this issue.
|
This issue goes on hold until it is finished: wazuh/wazuh#26475. |
Description
Reviewing the wazuh/wazuh#25828 issue, I noticed that the steps to be done are executed correctly most of the time, but we are not validating those changes, we should modify the E2E test to validate the changes and check that the retention policy works as expected
This issue also expects to deploy a Wazuh agent on Red Hat 8 and Windows 11, so it would make sense to test the policy retention with data provided by those agents, if not, the agent deployment should be removed
The text was updated successfully, but these errors were encountered: