[SecuritySolution] Fix behavior of pinnend events and comments on unsaved timelines #178212
Conversation
janmonschke
added
release_note:fix
Team:Threat Hunting:Investigations
|
Pinging @elastic/security-threat-hunting-investigations (Team:Threat Hunting:Investigations) |
|
@janmonschke I haven't looked at the code itself yet, but have pulled down the branch and tested locally. While the fix seems to be working just fine, I'm not sure the approach is what I would have done.
|
|
@PhilippeOberti Agreed, wdyt about #178525 ? |
|
Reopened this PR and updated/improved the tests. |
x-pack/plugins/security_solution/public/timelines/store/middlewares/timeline_note.ts
Outdated
Show resolved
Hide resolved
|
@elasticmachine merge upstream |
| const kibanaServer = getService('kibanaServer'); | ||
| const supertest = getService('supertest'); | ||
|
|
||
| describe('Draft timeline - Saved Objects', () => { |
There was a problem hiding this comment.
There were no FTR tests for the draft timeline route at all and parts of it were actually broken (see 633b8b6).
| @@ -15,7 +15,7 @@ export const persistPinnedEvent = async ({ | |||
| }: { | |||
| eventId: string; | |||
| pinnedEventId?: string | null; | |||
| timelineId?: string | null; | |||
| timelineId: string; | |||
There was a problem hiding this comment.
The presence of timelineId is now enforced on the API.
| @@ -51,9 +51,6 @@ export const NoteRuntimeType = runtimeTypes.intersection([ | |||
| noteId: runtimeTypes.string, | |||
| version: runtimeTypes.string, | |||
| }), | |||
| runtimeTypes.partial({ | |||
There was a problem hiding this comment.
timelineVersion is obsolete now.
| @@ -14,10 +14,10 @@ export const pinnedEventIds = unionWithNullType(runtimeTypes.array(runtimeTypes. | |||
| export const persistPinnedEventSchema = runtimeTypes.intersection([ | |||
| runtimeTypes.type({ | |||
| eventId: runtimeTypes.string, | |||
| timelineId: runtimeTypes.string, | |||
There was a problem hiding this comment.
Same here, timelineId is not optional anymore
| @@ -51,9 +51,6 @@ export const PinnedEventRuntimeType = runtimeTypes.intersection([ | |||
| version: runtimeTypes.string, | |||
| }), | |||
| BarePinnedEventType, | |||
| runtimeTypes.partial({ | |||
There was a problem hiding this comment.
And here as well, no more need for timelineVersion
| @@ -366,13 +366,6 @@ describe('Body', () => { | |||
| }).type, | |||
| }) | |||
| ); | |||
| expect(mockDispatch).toHaveBeenNthCalledWith( | |||
There was a problem hiding this comment.
The business logic of automatic pinning of events with a note has been moved to the redux middleware.
|
|
||
| const currentTimeline = selectTimelineById(store.getState(), localTimelineId); | ||
|
|
||
| // Automatically pin an associated event if it's not pinned yet |
There was a problem hiding this comment.
The automatic pin logic moved here
| @@ -34,7 +34,7 @@ describe('saved_object', () => { | |||
| }); | |||
|
|
|||
| describe('Set create / update time correctly ', () => { | |||
| test('Creating a timeline', () => { | |||
| test('Creating a note', () => { | |||
There was a problem hiding this comment.
This was a referring to the wrong object in the entire file.
| const shallowCopyOfNote = { ...note }; | ||
| let timelineVersion: string | undefined; | ||
|
|
||
| if (note.timelineId == null) { |
There was a problem hiding this comment.
This was the piece of code that would create a timeline when no timelineId was provided. Which is not needed anymore.
| @@ -49,8 +48,7 @@ export const deleteAllPinnedEventsOnTimeline = async ( | |||
| const savedObjectsClient = (await request.context.core).savedObjects.client; | |||
| const options: SavedObjectsFindOptions = { | |||
| type: pinnedEventSavedObjectType, | |||
| search: timelineId, | |||
| searchFields: ['timelineId'], | |||
| hasReference: { type: timelineSavedObjectType, id: timelineId }, | |||
There was a problem hiding this comment.
Deleting pinned events was actually not working before. There are tests for this in the new draft timeline ftr tests.
|
@elasticmachine merge upstream |
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]Async chunks
History
To update your PR or re-run it, just comment with: cc @janmonschke |
💔 All backports failed
Manual backportTo create the backport manually run: Questions ?Please refer to the Backport tool documentation |
kibanamachine
added
the
backport missing
|
Friendly reminder: Looks like this PR hasn’t been backported yet. |
janmonschke
removed
backport missing
Summary
As described in #178182, the removal of autosave on timeline resulted in a regression in which pinned events and comments on unsaved timelines are lost.
In this PR, we're re-introducing the previous behavior by saving the timeline when a comment is made / an event is pinned on an unsaved timeline. The timeline will then be auto-saved in a
draftstate instead of anactivestate that would persist it permanently.Fixes #178182
Checklist