[Security Solution] Intercept individual package installation via Fle…

…et (elastic#161859)

## Summary

During Cypress tests, intercept `POST
/api/fleet/epm/packages/security_detection_engine/*`.

This is the endpoint used when a specific `security_detection_engine`
package is set to be used via the
`--xpack.securitySolution.prebuiltRulesPackageVersion` config flag,
which is used to test by the TRADE team.

This PR updates the test to account for that flow.

### For maintainers

- [ ] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

(cherry picked from commit 45a483f)

x-pack/plugins/security_solution/cypress/e2e/detection_rules/prebuilt_rules_install_update_workflows.cy.ts

@@ -45,35 +45,57 @@ describe('Detection rules, Prebuilt Rules Installation and Update workflow', ()
 
   describe('Installation of prebuilt rules package via Fleet', () => {
     beforeEach(() => {
-      cy.intercept('POST', '/api/fleet/epm/packages/_bulk*').as('installPackage');
+      cy.intercept('POST', '/api/fleet/epm/packages/_bulk*').as('installPackageBulk');
+      cy.intercept('POST', '/api/fleet/epm/packages/security_detection_engine/*').as(
+        'installPackage'
+      );
       waitForRulesTableToBeLoaded();
     });
 
     it('should install package from Fleet in the background', () => {
       /* Assert that the package in installed from Fleet by checking that
       /* the installSource is "registry", as opposed to "bundle" */
-      cy.wait('@installPackage', {
+      cy.wait('@installPackageBulk', {
         timeout: 60000,
-      }).then(({ response }) => {
-        cy.wrap(response?.statusCode).should('eql', 200);
-
-        const packages = response?.body.items.map(({ name, result }: BulkInstallPackageInfo) => ({
-          name,
-          installSource: result.installSource,
-        }));
-
-        expect(packages.length).to.have.greaterThan(0);
-        expect(packages).to.deep.include.members([
-          { name: 'security_detection_engine', installSource: 'registry' },
-        ]);
+      }).then(({ response: bulkResponse }) => {
+        cy.wrap(bulkResponse?.statusCode).should('eql', 200);
+
+        const packages = bulkResponse?.body.items.map(
+          ({ name, result }: BulkInstallPackageInfo) => ({
+            name,
+            installSource: result.installSource,
+          })
+        );
+
+        const packagesBulkInstalled = packages.map(({ name }: { name: string }) => name);
+
+        // Under normal flow the package is installed via the Fleet bulk install API.
+        // However, for testing purposes the package can be installed via the Fleet individual install API,
+        // so we need to intercept and wait for that request as well.
+        if (!packagesBulkInstalled.includes('security_detection_engine')) {
+          // Should happen only during testing when the `xpack.securitySolution.prebuiltRulesPackageVersion` flag is set
+          cy.wait('@installPackage').then(({ response }) => {
+            cy.wrap(response?.statusCode).should('eql', 200);
+            cy.wrap(response?.body)
+              .should('have.property', 'items')
+              .should('have.length.greaterThan', 0);
+            cy.wrap(response?.body)
+              .should('have.property', '_meta')
+              .should('have.property', 'install_source')
+              .should('eql', 'registry');
+          });
+        } else {
+          // Normal flow, install via the Fleet bulk install API
+          expect(packages.length).to.have.greaterThan(0);
+          expect(packages).to.deep.include.members([
+            { name: 'security_detection_engine', installSource: 'registry' },
+          ]);
+        }
       });
     });
 
     it('should install rules from the Fleet package when user clicks on CTA', () => {
-      /* Retrieve how many rules were installed from the Fleet package */
-      cy.wait('@installPackage', {
-        timeout: 60000,
-      }).then(() => {
+      const getRulesAndAssertNumberInstalled = () => {
         getRuleAssets().then((response) => {
           const ruleIds = response.body.hits.hits.map(
             (hit: { _source: { ['security-rule']: Rule } }) => hit._source['security-rule'].rule_id
@@ -87,6 +109,25 @@ describe('Detection rules, Prebuilt Rules Installation and Update workflow', ()
             .should('be.visible')
             .should('have.text', `${numberOfRulesToInstall} rules installed successfully.`);
         });
+      };
+      /* Retrieve how many rules were installed from the Fleet package */
+      /* See comments in test above for more details */
+      cy.wait('@installPackageBulk', {
+        timeout: 60000,
+      }).then(({ response: bulkResponse }) => {
+        cy.wrap(bulkResponse?.statusCode).should('eql', 200);
+
+        const packagesBulkInstalled = bulkResponse?.body.items.map(
+          ({ name }: { name: string }) => name
+        );
+
+        if (!packagesBulkInstalled.includes('security_detection_engine')) {
+          cy.wait('@installPackage').then(() => {
+            getRulesAndAssertNumberInstalled();
+          });
+        } else {
+          getRulesAndAssertNumberInstalled();
+        }
       });
     });
   });

x-pack/plugins/security_solution/cypress/tasks/api_calls/prebuilt_rules.ts

@@ -170,6 +170,7 @@ export const getRuleAssets = (index: string | undefined = '.kibana_security_solu
 /* during e2e tests, and allow for manual installation of mock rules instead. */
 export const preventPrebuiltRulesPackageInstallation = () => {
   cy.intercept('POST', '/api/fleet/epm/packages/_bulk*', {});
+  cy.intercept('POST', '/api/fleet/epm/packages/security_detection_engine/*', {});
 };
 
 /**