-
Notifications
You must be signed in to change notification settings - Fork 8.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[Security Solution]
DetectionRulesClient
: move public methods out a…
…nd add APM spans (#184820) **Partially addresses: #184364 ## Summary This PR is second step in refactoring our newly added `detectionRulesClient`. Changes in this PR: - every public method was extracted into its own file for readability - `_createRule`, `_updateRule`, `_patchRule` and `_upgradePrebuiltRuleWithTypeChange` private methods were removed, their code inlined into the public methods - `toggleRuleEnabledOnUpdate`, `validateMlAuth` and `ClientError` were moved to `utils.ts` - methods are now wrapped in `withSecuritySpan` to report perf stats to APM - renamed `*.rules_management_client.test.ts` -> `*.detection_rules_client.test.ts` - now using the whole `detectionRulesClient` in tests, not just separate methods - simplified parameters of `createDetectionRulesClient`. Now 2 parameters are needed instead of 5, **DetectionRulesClient method showing up in APM** <img width="918" alt="Schermafbeelding 2024-06-05 om 14 00 36" src="https://github.com/elastic/kibana/assets/15949146/c8b469f7-9d0b-4534-a1c9-f35327ec2c4c"> **Extracted methods** Upon reviewing the private methods in `detection_rules_client.ts`, it became apparent that extracting these methods into separate files may not be the most effective approach to improve readability. The primary reason is that these private methods do not provide clear abstractions, making them difficult to name appropriately. Take `_updateRule` as an example. This method combines an existing rule with a rule update to create an InternalRuleUpdate object, which is then passed to `rulesClient.update`. If we were to extract this into a separate file, we would need to import it for use in the public `updateRule` method. This would result in an `updateRule` method that calls `_updateRule`, creating confusion about what the inner `_updateRule` does. Also, extracting only private methods does not significantly improve readability, as these methods do not contain a large amount of code. So I ended up inlining the code from most of these private methods directly into the public methods.
- Loading branch information
1 parent
78b31bb
commit 4ddec38
Showing
19 changed files
with
587 additions
and
592 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
36 changes: 36 additions & 0 deletions
36
...n/server/lib/detection_engine/rule_management/logic/rule_management/create_custom_rule.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0; you may not use this file except in compliance with the Elastic License | ||
* 2.0. | ||
*/ | ||
|
||
import type { RulesClient } from '@kbn/alerting-plugin/server'; | ||
import type { RuleCreateProps } from '../../../../../../common/api/detection_engine'; | ||
import type { MlAuthz } from '../../../../machine_learning/authz'; | ||
import type { RuleAlertType, RuleParams } from '../../../rule_schema'; | ||
import { withSecuritySpan } from '../../../../../utils/with_security_span'; | ||
import { convertCreateAPIToInternalSchema } from '../../normalization/rule_converters'; | ||
|
||
import { validateMlAuth } from './utils'; | ||
|
||
export interface CreateCustomRuleProps { | ||
params: RuleCreateProps; | ||
} | ||
|
||
export const createCustomRule = async ( | ||
rulesClient: RulesClient, | ||
createCustomRulePayload: CreateCustomRuleProps, | ||
mlAuthz: MlAuthz | ||
): Promise<RuleAlertType> => | ||
withSecuritySpan('DetectionRulesClient.createCustomRule', async () => { | ||
const { params } = createCustomRulePayload; | ||
await validateMlAuth(mlAuthz, params.type); | ||
|
||
const internalRule = convertCreateAPIToInternalSchema(params, { immutable: false }); | ||
const rule = await rulesClient.create<RuleParams>({ | ||
data: internalRule, | ||
}); | ||
|
||
return rule; | ||
}); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.