[Security Solution] Remove warning for rule filter (elastic#201776)

**Resolves: elastic#178908** ## Summary This PR fixes a warning displayed for the rule when certain filter is present. I followed the suggestion from @nikitaindik in the original ticket and pulled his fix and tested that it works, but it also needed some modification borrowed from QueryBar component, namely to update the filters before displaying the FilterItems component. Note: This PR only covers the Rule Creation / Rules Details page. Two new tickets have been created to cover issues found in other places: elastic#203600 and elastic#203615 # BEFORE <img width="899" alt="image" src="https://github.com/user-attachments/assets/62b300b4-bc70-481f-8042-dc9d7c4b3ff0"> # AFTER <img width="901" alt="image" src="https://github.com/user-attachments/assets/6c2915f8-e2e1-477d-bf6c-4ededf1a6907"> ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed --------- Co-authored-by: Nikita Indik <[email protected]>
benakansara · Jan 2, 2025 · 8b32252 · 8b32252
1 parent c0e0164
commit 8b32252
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 13 deletions.
diff --git a/...blic/detection_engine/rule_management/components/rule_details/rule_definition_section.tsx b/...blic/detection_engine/rule_management/components/rule_details/rule_definition_section.tsx
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import React from 'react';
+import React, { useMemo } from 'react';
 import { isEmpty } from 'lodash/fp';
 import {
   EuiDescriptionList,
@@ -23,8 +23,8 @@ import type {
 import type { Filter } from '@kbn/es-query';
 import type { SavedQuery } from '@kbn/data-plugin/public';
 import { mapAndFlattenFilters } from '@kbn/data-plugin/public';
-import type { DataView } from '@kbn/data-views-plugin/public';
 import { FilterItems } from '@kbn/unified-search-plugin/public';
+import { isDataView } from '../../../../common/components/query_bar';
 import type {
   AlertSuppressionMissingFieldsStrategy,
   EqlOptionalFields,
@@ -40,8 +40,6 @@ import { AlertSuppressionLabel } from '../../../rule_creation_ui/components/desc
 import { useGetSavedQuery } from '../../../../detections/pages/detection_engine/rules/use_get_saved_query';
 import * as threatMatchI18n from '../../../../common/components/threat_match/translations';
 import * as timelinesI18n from '../../../../timelines/components/timeline/translations';
-import { useRuleIndexPattern } from '../../../rule_creation_ui/pages/form';
-import { DataSourceType } from '../../../../detections/pages/detection_engine/rules/types';
 import type { Duration } from '../../../../detections/pages/detection_engine/rules/types';
 import { convertHistoryStartToSize } from '../../../../detections/pages/detection_engine/rules/helpers';
 import { MlJobsDescription } from '../../../rule_creation/components/ml_jobs_description/ml_jobs_description';
@@ -65,6 +63,7 @@ import {
   EQL_OPTIONS_EVENT_TIEBREAKER_FIELD_LABEL,
   EQL_OPTIONS_EVENT_TIMESTAMP_FIELD_LABEL,
 } from '../../../rule_creation/components/eql_query_edit/translations';
+import { useDataView } from './three_way_diff/final_edit/fields/hooks/use_data_view';
 
 interface SavedQueryNameProps {
   savedQueryName: string;
@@ -89,16 +88,34 @@ export const Filters = ({
   index,
   'data-test-subj': dataTestSubj,
 }: FiltersProps) => {
-  const flattenedFilters = mapAndFlattenFilters(filters);
-
   const defaultIndexPattern = useDefaultIndexPattern();
+  const useDataViewParams = dataViewId
+    ? { dataViewId }
+    : { indexPatterns: index ?? defaultIndexPattern };
+  const { dataView } = useDataView(useDataViewParams);
+  const isEsql = filters.some((filter) => filter?.query?.language === 'esql');
+  const searchBarFilters = useMemo(() => {
+    if (!index || isDataView(index) || isEsql) {
+      return filters;
+    }
+    const filtersWithUpdatedMetaIndex = filters.map((filter) => {
+      return {
+        ...filter,
+        meta: {
+          ...filter.meta,
+          index: index.join(','),
+        },
+      };
+    });
 
-  const { indexPattern } = useRuleIndexPattern({
-    dataSourceType: dataViewId ? DataSourceType.DataView : DataSourceType.IndexPatterns,
-    index: index ?? defaultIndexPattern,
-    dataViewId,
-  });
+    return filtersWithUpdatedMetaIndex;
+  }, [filters, index, isEsql]);
+
+  if (!dataView) {
+    return null;
+  }
 
+  const flattenedFilters = mapAndFlattenFilters(searchBarFilters);
   const styles = filtersStyles;
 
   return (
@@ -109,7 +126,7 @@ export const Filters = ({
       responsive={false}
       gutterSize="xs"
     >
-      <FilterItems filters={flattenedFilters} indexPatterns={[indexPattern as DataView]} readOnly />
+      <FilterItems filters={flattenedFilters} indexPatterns={[dataView]} readOnly />
     </EuiFlexGroup>
   );
 };

diff --git a/...anagement/components/rule_details/three_way_diff/final_edit/fields/hooks/use_data_view.ts b/...anagement/components/rule_details/three_way_diff/final_edit/fields/hooks/use_data_view.ts
@@ -9,7 +9,7 @@ import { useEffect, useState } from 'react';
 import type { DataView } from '@kbn/data-views-plugin/common';
 import { useKibana } from '../../../../../../../../common/lib/kibana';
 
-type UseDataViewParams =
+export type UseDataViewParams =
   | { indexPatterns: string[]; dataViewId?: never }
   | { indexPatterns?: never; dataViewId: string };
 
@@ -33,6 +33,7 @@ export function useDataView(indexPatternsOrDataViewId: UseDataViewParams): UseDa
         if (indexPatternsOrDataViewId.indexPatterns) {
           const indexPatternsDataView = await dataViewsService.create({
             title: indexPatternsOrDataViewId.indexPatterns.join(','),
+            id: indexPatternsOrDataViewId.indexPatterns.join(','),
             allowNoIndex: true,
           });