Review feedback
e40pud committed Apr 29, 2024
1 parent 611c445 commit 8ad3a67
Showing 3 changed files with 56 additions and 97 deletions.
@@ -5,78 +5,24 @@
* 2.0.
*/

import { BadRequestError, transformError } from '@kbn/securitysolution-es-utils';
import { transformError } from '@kbn/securitysolution-es-utils';
import type { IKibanaResponse, Logger } from '@kbn/core/server';

import type { RulesClient } from '@kbn/alerting-plugin/server';
import { AbortError } from '@kbn/kibana-utils-plugin/common';
import type { BulkGetRulesSourcesResponse } from '../../../../../../../common/api/detection_engine/rule_management/bulk_get_sources/bulk_get_sources_route.gen';
import { BulkGetRulesSourcesRequestBody } from '../../../../../../../common/api/detection_engine/rule_management/bulk_get_sources/bulk_get_sources_route.gen';
import type { RuleAlertType } from '../../../../rule_schema';
import {
DETECTION_ENGINE_RULES_BULK_GET_SOURCES,
MAX_RULES_TO_UPDATE_IN_PARALLEL,
RULES_TABLE_MAX_PAGE_SIZE,
} from '../../../../../../../common/constants';
import type { SetupPlugins } from '../../../../../../plugin';
import type { SecuritySolutionPluginRouter } from '../../../../../../types';
import { buildRouteValidationWithZod } from '../../../../../../utils/build_validation/route_validation';
import type { PromisePoolOutcome } from '../../../../../../utils/promise_pool';
import { initPromisePool } from '../../../../../../utils/promise_pool';
import { findRules } from '../../../logic/search/find_rules';
import { readRules } from '../../../logic/crud/read_rules';
import { buildSiemResponse } from '../../../../routes/utils';
import { fetchRulesByQueryOrIds } from '../bulk_actions/fetch_rules_by_query_or_ids';

const MAX_RULES_TO_PROCESS_TOTAL = 10000;

const fetchRulesByQueryOrIds = async ({
query,
ids,
rulesClient,
abortSignal,
}: {
query: string | undefined;
ids: string[] | undefined;
rulesClient: RulesClient;
abortSignal: AbortSignal;
}): Promise<PromisePoolOutcome<string, RuleAlertType>> => {
if (ids) {
return initPromisePool({
concurrency: MAX_RULES_TO_UPDATE_IN_PARALLEL,
items: ids,
executor: async (id: string) => {
const rule = await readRules({ id, rulesClient, ruleId: undefined });
if (rule == null) {
throw Error('Rule not found');
}
return rule;
},
abortSignal,
});
}

const { data, total } = await findRules({
rulesClient,
perPage: MAX_RULES_TO_PROCESS_TOTAL,
filter: query,
page: undefined,
sortField: undefined,
sortOrder: undefined,
fields: undefined,
});

if (total > MAX_RULES_TO_PROCESS_TOTAL) {
throw new BadRequestError(
`More than ${MAX_RULES_TO_PROCESS_TOTAL} rules matched the filter query. Try to narrow it down.`
);
}

return {
results: data.map((rule) => ({ item: rule.id, result: rule })),
errors: [],
};
};

export const performBulkGetRulesSourcesRoute = (
router: SecuritySolutionPluginRouter,
ml: SetupPlugins['ml'],
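Review bot: The 10000-rule cap (`MAX_RULES_TO_PROCESS_TOTAL`) and the `BadRequestError` raised for over-broad filter queries are no longer visible in this route. With the local `fetchRulesByQueryOrIds` deleted, they depend entirely on the shared helper imported from `../bulk_actions/fetch_rules_by_query_or_ids`, which this diff does not show. Since `query` and `ids` presumably come from the request body, it is worth confirming that the shared helper enforces an equivalent limit; otherwise a broad filter could pull an unbounded rule set into memory. I would add a comment above the new import such as `// rule-count cap and BadRequestError on overflow are enforced inside fetchRulesByQueryOrIds`, plus a route test that asserts the error response when the match count exceeds the cap. The body of `performBulkGetRulesSourcesRoute` continues outside the hunk.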
@@ -732,7 +732,7 @@ describe('ruleParamsModifier', () => {
);
});

describe('Inv 3', () => {
describe('feature flag disabled state', () => {
test('should throw error on adding investigation fields if feature is disabled', () => {
expect(() =>
ruleParamsModifier(
@@ -42,6 +42,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context';

export default ({ getService }: FtrProviderContext): void => {
const supertest = getService('supertest');
const securitySolutionApi = getService('securitySolutionApi');
const es = getService('es');
const log = getService('log');
const esArchiver = getService('esArchiver');
@@ -1089,16 +1090,19 @@ export default ({ getService }: FtrProviderContext): void => {
const ruleId = 'ruleId';
await createRule(supertest, log, getSimpleRule(ruleId));

const { body: bulkEditResponse } = await postBulkAction()
.send({
query: '',
action: BulkActionTypeEnum.edit,
[BulkActionTypeEnum.edit]: [
{
type: BulkActionEditTypeEnum.set_investigation_fields,
value: { field_names: ['field-1'] },
},
],
const { body: bulkEditResponse } = await securitySolutionApi
.performBulkAction({
query: {},
body: {
query: '',
action: BulkActionTypeEnum.edit,
[BulkActionTypeEnum.edit]: [
{
type: BulkActionEditTypeEnum.set_investigation_fields,
value: { field_names: ['field-1'] },
},
],
},
})
.expect(200);

@@ -1129,16 +1133,19 @@ export default ({ getService }: FtrProviderContext): void => {
investigation_fields: investigationFields,
});

const { body: bulkEditResponse } = await postBulkAction()
.send({
query: '',
action: BulkActionTypeEnum.edit,
[BulkActionTypeEnum.edit]: [
{
type: BulkActionEditTypeEnum.add_investigation_fields,
value: { field_names: ['field-3'] },
},
],
const { body: bulkEditResponse } = await securitySolutionApi
.performBulkAction({
query: {},
body: {
query: '',
action: BulkActionTypeEnum.edit,
[BulkActionTypeEnum.edit]: [
{
type: BulkActionEditTypeEnum.add_investigation_fields,
value: { field_names: ['field-3'] },
},
],
},
})
.expect(200);

@@ -1169,16 +1176,19 @@ export default ({ getService }: FtrProviderContext): void => {
investigation_fields: investigationFields,
});

const { body: bulkEditResponse } = await postBulkAction()
.send({
query: '',
action: BulkActionTypeEnum.edit,
[BulkActionTypeEnum.edit]: [
{
type: BulkActionEditTypeEnum.delete_investigation_fields,
value: { field_names: ['field-2'] },
},
],
const { body: bulkEditResponse } = await securitySolutionApi
.performBulkAction({
query: {},
body: {
query: '',
action: BulkActionTypeEnum.edit,
[BulkActionTypeEnum.edit]: [
{
type: BulkActionEditTypeEnum.delete_investigation_fields,
value: { field_names: ['field-2'] },
},
],
},
})
.expect(200);

@@ -1242,16 +1252,19 @@ export default ({ getService }: FtrProviderContext): void => {
investigation_fields: existingInvestigationFields,
});

const { body: bulkEditResponse } = await postBulkAction()
.send({
query: '',
action: BulkActionTypeEnum.edit,
[BulkActionTypeEnum.edit]: [
{
type: operation,
value: investigationFieldsToUpdate,
},
],
const { body: bulkEditResponse } = await securitySolutionApi
.performBulkAction({
query: {},
body: {
query: '',
action: BulkActionTypeEnum.edit,
[BulkActionTypeEnum.edit]: [
{
type: operation,
value: investigationFieldsToUpdate,
},
],
},
})
.expect(200);
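Review bot: The four migrated calls (set, add, delete and the parameterised `operation` case) repeat the same `performBulkAction({ query: {}, body: { query: '', action: BulkActionTypeEnum.edit, ... } })` envelope and differ only in the single edit entry. A small local helper would keep them in step, e.g. `const bulkEdit = (edit) => securitySolutionApi.performBulkAction({ query: {}, body: { query: '', action: BulkActionTypeEnum.edit, [BulkActionTypeEnum.edit]: [edit] } });`, with `edit` typed using the generated edit-payload type. The hunks do not show whether `postBulkAction()` is still used by other tests in this file; if it is, a short comment stating which client new tests should use would stop the two styles drifting apart. Each enclosing test body starts and ends outside its hunk.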
