[8.12] [Security Solution] Rule upgrade JSON diff: Hide runtime and internal properties (#174789) #175625
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
… properties (elastic#174789) **Resolves: elastic#174844 ## Summary Hides technical/runtime fields that shouldn't be displayed in the JSON diff view. We used to hide only the `revision` field because it can be confused with `version`. This PR hides more fields. Properties that might be displayed as having diff, but shouldn't: - `actions`: shown as diff if user defined an action for a rule - `exceptions_list`: shown as diff if user defined an exception list for a rule - `execution_summary`: shown as diff if user has enabled a rule and it executed at least once - `enabled`: shown as diff if user enabled a rule that's disabled by default (or vice versa) - `updated_at`: always shown as diff because its value is a timestamp of when an API request made - `from`: might be shown as diff if user has clicked "save" after editing a rule, because edit screen's FE code converts value to a different time unit, like 2h -> 7200s - `note`: shown as diff if an old version of a rule didn't define this property, but a new version of a rule has it defined as '' - `threat`: might be shown as diff if user has clicked "save" after editing a rule, because edit screen's FE code adds empty arrays as defaults if threats/techniques/subtechniques weren't set by the user - `machine_learning_job_id`: might be shown as diff if a prebuilt rule uses the legacy string format for this property. On installation, the value is converted into a new array format, which creates a difference between the installed rule (array format) and the update (string format) - `threat_filters`: might be shown as diff if user has clicked "save" after editing a rule, because edit screen's FE code adds null as a default value for "meta" subproperty - `filters`: might be shown as diff if user has clicked "save" after editing a rule, because edit screen's FE code adds [] as a default value - `timestamp_override_fallback_disabled`: might be shown as diff if user has clicked "save" after editing a rule - `meta`: might be shown as diff if user has clicked "save" after editing a rule - `output_index`: unused, shouldn't be shown - `updated_at`, `updated_by`, `created_at`, `created_by`: should be hidden because these are not relevant for the upgrade flow #### Before <img width="1271" alt="Schermafbeelding 2024-01-16 om 13 50 00" src="https://github.com/elastic/kibana/assets/15949146/f72283dc-9a8a-4c95-a9b6-daa84d9356da"> #### After <img width="1271" alt="Schermafbeelding 2024-01-16 om 13 50 36" src="https://github.com/elastic/kibana/assets/15949146/080ef2ea-c108-4d05-8814-0a2ce7f5a0b0"> (cherry picked from commit 5bf935b)
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
💛 Build succeeded, but was flaky
Failed CI StepsMetrics [docs]Async chunks
To update your PR or re-run it, just comment with: cc @nikitaindik |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backport
This will backport the following commits from
mainto8.12:Questions ?
Please refer to the Backport tool documentation