[Security Solution] Extend upgrade prebuilt rules context with conflict resolution functionality (#191721)

**Addresses:** #171520

## Summary

This PR implements necessary `UpgradePrebuiltRulesTableContext` changes to provide users a way to resolve conflicts manually by providing field's resolved value.

## Details

During prebuilt rules upgrading users may encounter solvable and non-solvable conflicts between customized and target rule versions. Three-Way-Diff field component allows to specify a desired resolve value user expects to be in the rule after upgrading. It's also possible to customize rules during the upgrading process.

Current functionality is informational only without an ability to customize prebuilt rules. As the core part of that process it's required to manage the upgrading state and provide necessary data for downstream components rendering field diffs and accepting user input.

**This PR extends** `UpgradePrebuiltRulesTableContext` with rule upgrade state and provides it to `ThreeWayDiffTab` stub component. It's planned to add implementation to `ThreeWayDiffTab` in follow-up PRs.

**On top of that** `UpgradePrebuiltRulesTableContext` and `AddPrebuiltRulesTableContext` were symmetrically refactored from architecture point of view to improve encapsulation by separation of concerns which leads to slight complexity reduction.

### Feature flag `prebuiltRulesCustomizationEnabled`

`ThreeWayDiffTab` is hidden under a feature flag `prebuiltRulesCustomizationEnabled`. It accepts a `finalDiffableRule` which represents rule fields the user expects to see in the upgraded rule. `finalDiffableRule` is a combination of field resolved values and target rule fields where resolved values have precedence.
Showing 30 changed files with 601 additions and 368 deletions.
18 changes: 18 additions & 0 deletions
...ity_solution/common/detection_engine/prebuilt_rules/diff/extract_building_block_object.ts
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0; you may not use this file except in compliance with the Elastic License | ||
* 2.0. | ||
*/ | ||
|
||
import type { RuleResponse } from '../../../api/detection_engine/model/rule_schema'; | ||
import type { BuildingBlockObject } from '../../../api/detection_engine/prebuilt_rules'; | ||
|
||
export const extractBuildingBlockObject = (rule: RuleResponse): BuildingBlockObject | undefined => { | ||
if (rule.building_block_type == null) { | ||
return undefined; | ||
} | ||
return { | ||
type: rule.building_block_type, | ||
}; | ||
}; |
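
Review bot: The `rule.building_block_type == null` guard in `extractBuildingBlockObject` only filters `null` and `undefined`, so if the rule schema permits an empty string the helper returns `{ type: '' }` rather than `undefined`; if the diff logic should treat that as "no building block", test for a non-empty value instead. The export also has no doc comment explaining why the scalar is wrapped in a `BuildingBlockObject`, which callers in the diff code would benefit from.
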
25 changes: 25 additions & 0 deletions
x-pack/plugins/security_solution/common/detection_engine/rule_management/utils.ts
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0; you may not use this file except in compliance with the Elastic License | ||
* 2.0. | ||
*/ | ||
|
||
import { ecsFieldMap } from '@kbn/alerts-as-data-utils'; | ||
import type { RequiredField, RequiredFieldInput } from '../../api/detection_engine'; | ||
|
||
/* | ||
Computes the boolean "ecs" property value for each required field based on the ECS field map. | ||
"ecs" property indicates whether the required field is an ECS field or not. | ||
*/ | ||
export const addEcsToRequiredFields = (requiredFields?: RequiredFieldInput[]): RequiredField[] => | ||
(requiredFields ?? []).map((requiredFieldWithoutEcs) => { | ||
const isEcsField = Boolean( | ||
ecsFieldMap[requiredFieldWithoutEcs.name]?.type === requiredFieldWithoutEcs.type | ||
); | ||
|
||
return { | ||
...requiredFieldWithoutEcs, | ||
ecs: isEcsField, | ||
}; | ||
}); |
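
Review bot: The `Boolean(...)` wrapper around `ecsFieldMap[requiredFieldWithoutEcs.name]?.type === requiredFieldWithoutEcs.type` in `addEcsToRequiredFields` is redundant, since `===` already yields a boolean; assign the comparison to `isEcsField` directly. The lookup is keyed by a field name that comes from rule input, so if `ecsFieldMap` is a plain object, names such as `constructor` resolve to inherited prototype members; the `?.type` comparison still comes out false for them, but an own-property check such as `Object.hasOwn` would make that intent explicit. The explanatory comment uses `/* */` rather than `/** */`, so editors will not surface it as the function's documentation.
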
22 changes: 22 additions & 0 deletions
...on/public/detection_engine/rule_management/components/rule_details/three_way_diff_tab.tsx
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0; you may not use this file except in compliance with the Elastic License | ||
* 2.0. | ||
*/ | ||
|
||
import React from 'react'; | ||
import type { DiffableRule } from '../../../../../common/api/detection_engine'; | ||
import type { SetFieldResolvedValueFn } from '../../../rule_management_ui/components/rules_table/upgrade_prebuilt_rules_table/use_prebuilt_rules_upgrade_state'; | ||
|
||
interface ThreeWayDiffTabProps { | ||
finalDiffableRule: DiffableRule; | ||
setFieldResolvedValue: SetFieldResolvedValueFn; | ||
} | ||
|
||
export function ThreeWayDiffTab({ | ||
finalDiffableRule, | ||
setFieldResolvedValue, | ||
}: ThreeWayDiffTabProps): JSX.Element { | ||
return <>{JSON.stringify(finalDiffableRule)}</>; | ||
} |
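
Review bot: `setFieldResolvedValue` is destructured in `ThreeWayDiffTab` but never used in the body, which may trip unused-variable linting and leaves the prop's contract unexercised; either drop it from the destructuring until the follow-up lands or add a short TODO naming what will call it. The body `return <>{JSON.stringify(finalDiffableRule)}</>;` dumps the whole rule object into the tab, so a comment marking it as a placeholder behind `prebuiltRulesCustomizationEnabled` would keep it from being mistaken for finished UI.
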
47 changes: 0 additions & 47 deletions
...blic/detection_engine/rule_management/components/rule_details/use_rule_details_flyout.tsx
This file was deleted.