[Osquery] Fix 7.16.0 BC4 issues (#117682)
patrykkopycinski authored Nov 8, 2021
1 parent f68d5ad commit d366cff
Showing 24 changed files with 365 additions and 227 deletions.
2 changes: 1 addition & 1 deletion x-pack/plugins/osquery/common/schemas/common/schemas.ts
Expand Up @@ -57,7 +57,7 @@ export const ecsMapping = t.record(
t.string,
t.partial({
field: t.string,
value: t.string,
value: t.union([t.string, t.array(t.string)]),
})
);
export type ECSMapping = t.TypeOf<typeof ecsMapping>;
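Review bot: The widened `value` codec, `t.union([t.string, t.array(t.string)])`, accepts an empty array, empty strings and an array of any length, and because each entry is a `t.partial`, an entry with both `field` and `value`, or with neither, still decodes. If this codec also validates request bodies on the server (not visible on this page), every consumer of `ecs_mapping` has to cope with those shapes itself. I would state the contract in a comment above `ecsMapping`, for example `// each entry maps an ECS field to either a result column (field) or a static value (value: string | string[])`, and confirm that reading with the author. The `t.record(` call opens outside the hunk.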
17 changes: 10 additions & 7 deletions x-pack/plugins/osquery/public/actions/actions_table.tsx
Expand Up @@ -5,7 +5,7 @@
* 2.0.
*/

import { isArray, pickBy } from 'lodash';
import { isArray, isEmpty, pickBy } from 'lodash';
import { i18n } from '@kbn/i18n';
import { EuiBasicTable, EuiButtonIcon, EuiCodeBlock, formatDate } from '@elastic/eui';
import React, { useState, useCallback, useMemo } from 'react';
Expand Down Expand Up @@ -72,12 +72,15 @@ const ActionsTableComponent = () => {
const handlePlayClick = useCallback(
(item) =>
push('/live_queries/new', {
form: pickBy({
agentIds: item.fields.agents,
query: item._source.data.query,
ecs_mapping: item._source.data.ecs_mapping,
savedQueryId: item._source.data.saved_query_id,
}),
form: pickBy(
{
agentIds: item.fields.agents,
query: item._source.data.query,
ecs_mapping: item._source.data.ecs_mapping,
savedQueryId: item._source.data.saved_query_id,
},
(value) => !isEmpty(value)
),
}),
[push]
);
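Review bot: The new predicate `(value) => !isEmpty(value)` drops more than empty collections: lodash `isEmpty` returns true for every number and boolean, so `pickBy` removes any numeric or boolean property. The four properties picked here look like an array, two strings and an object, so this call is probably unaffected. The same predicate is added in live_queries/form/index.tsx (serializer and submit handler) and in packs/form/queries_field.tsx, where `interval` from an uploaded pack would be stripped if it arrives as a number. A predicate that keeps primitives, such as `(value) => typeof value === 'number' || typeof value === 'boolean' || !isEmpty(value)`, defined once and shared, would avoid that. The enclosing `ActionsTableComponent` starts and ends outside the hunk.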
19 changes: 15 additions & 4 deletions x-pack/plugins/osquery/public/components/osquery_icon/index.tsx
Expand Up @@ -5,14 +5,25 @@
* 2.0.
*/

import React from 'react';
import React, { useEffect, useState } from 'react';
import { EuiIcon, EuiIconProps } from '@elastic/eui';
import OsqueryLogo from './osquery.svg';

export type OsqueryIconProps = Omit<EuiIconProps, 'type'>;

const OsqueryIconComponent: React.FC<OsqueryIconProps> = (props) => (
<EuiIcon size="xl" type={OsqueryLogo} {...props} />
);
const OsqueryIconComponent: React.FC<OsqueryIconProps> = (props) => {
const [Icon, setIcon] = useState<React.ReactElement | null>(null);

// FIXME: This is a hack to force the icon to be loaded asynchronously.
useEffect(() => {
const interval = setInterval(() => {
setIcon(<EuiIcon size="xl" type={OsqueryLogo} {...props} />);
}, 0);

return () => clearInterval(interval);
}, [props, setIcon]);

return Icon;
};

export const OsqueryIcon = React.memo(OsqueryIconComponent);
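Review bot: `setInterval(..., 0)` in the new effect keeps firing until unmount, and each tick passes a freshly created `<EuiIcon>` element to `setIcon`, so the component re-renders continuously for as long as it is mounted. A one-shot deferral matches what the FIXME describes: `const timeout = setTimeout(() => setIcon(<EuiIcon size="xl" type={OsqueryLogo} {...props} />), 0);` with `return () => clearTimeout(timeout);`. `setIcon` is stable and can be dropped from the dependency list. The FIXME should also say what breaks with the synchronous render, so the hack can be removed once the cause is fixed.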
Expand Up @@ -318,6 +318,16 @@ export const OsqueryManagedPolicyCreateImportExtension = React.memo<
streams: [],
policy_template: 'osquery_manager',
});
} else {
if (!draft.inputs[0].type) {
set(draft, 'inputs[0].type', 'osquery');
}
if (!draft.inputs[0].policy_template) {
set(draft, 'inputs[0].policy_template', 'osquery_manager');
}
if (!draft.inputs[0].enabled) {
set(draft, 'inputs[0].enabled', true);
}
}
});
onChange({
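Review bot: The new `else` branch tests `!draft.inputs[0].enabled`, which is true for an explicit `false` as well as for a missing value, so an input that was deliberately disabled is switched back on by `set(draft, 'inputs[0].enabled', true)`. Whether `enabled: false` can reach this code is not visible in the hunk, but for an integration that runs queries on hosts the default should only fill a gap: `if (draft.inputs[0].enabled == null) {`. The branch also reads `draft.inputs[0]` without a guard; the `if` condition it pairs with is outside the hunk, so confirm it guarantees at least one input.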
30 changes: 12 additions & 18 deletions x-pack/plugins/osquery/public/live_queries/form/index.tsx
Expand Up @@ -86,6 +86,7 @@ const LiveQueryFormComponent: React.FC<LiveQueryFormProps> = ({

const { data, isLoading, mutateAsync, isError, isSuccess } = useMutation(
(payload: Record<string, unknown>) =>
// eslint-disable-next-line @typescript-eslint/no-explicit-any
http.post<any>('/internal/osquery/action', {
body: JSON.stringify(payload),
}),
Expand Down Expand Up @@ -137,11 +138,6 @@ const LiveQueryFormComponent: React.FC<LiveQueryFormProps> = ({
type: FIELD_TYPES.JSON,
validations: [],
},
hidden: {
defaultValue: false,
type: FIELD_TYPES.TOGGLE,
validations: [],
},
};

const { form } = useForm({
Expand All @@ -152,21 +148,24 @@ const LiveQueryFormComponent: React.FC<LiveQueryFormProps> = ({

if (isValid) {
try {
await mutateAsync({
...formData,
...(isEmpty(ecsFieldValue) ? {} : { ecs_mapping: ecsFieldValue }),
});
await mutateAsync(
pickBy(
{
...formData,
...(isEmpty(ecsFieldValue) ? {} : { ecs_mapping: ecsFieldValue }),
},
(value) => !isEmpty(value)
)
);
// eslint-disable-next-line no-empty
} catch (e) {}
}
},
options: {
stripEmptyFields: false,
},
serializer: ({ savedQueryId, hidden, ...formData }) => ({
...pickBy({ ...formData, saved_query_id: savedQueryId }),
...(hidden != null && hidden ? { hidden } : {}),
}),
serializer: ({ savedQueryId, ...formData }) =>
pickBy({ ...formData, saved_query_id: savedQueryId }, (value) => !isEmpty(value)),
defaultValue: deepMerge(
{
agentSelection: {
Expand All @@ -177,7 +176,6 @@ const LiveQueryFormComponent: React.FC<LiveQueryFormProps> = ({
},
query: '',
savedQueryId: null,
hidden: false,
},
defaultValue ?? {}
),
Expand Down Expand Up @@ -419,9 +417,6 @@ const LiveQueryFormComponent: React.FC<LiveQueryFormProps> = ({
if (defaultValue?.query) {
setFieldValue('query', defaultValue?.query);
}
if (defaultValue?.hidden) {
setFieldValue('hidden', defaultValue?.hidden);
}
// TODO: Set query and ECS mapping from savedQueryId object
if (defaultValue?.savedQueryId) {
setFieldValue('savedQueryId', defaultValue?.savedQueryId);
Expand All @@ -436,7 +431,6 @@ const LiveQueryFormComponent: React.FC<LiveQueryFormProps> = ({
<Form form={form}>
{formType === 'steps' ? <EuiSteps steps={formSteps} /> : simpleForm}
<UseField path="savedQueryId" component={GhostFormField} />
<UseField path="hidden" component={GhostFormField} />
</Form>
{showSavedQueryFlyout ? (
<SavedQueryFlyout
2 changes: 1 addition & 1 deletion x-pack/plugins/osquery/public/packs/form/index.tsx
Expand Up @@ -105,7 +105,7 @@ const PackFormComponent: React.FC<PackFormProps> = ({ defaultValue, editMode = f
defaultValue: [],
type: FIELD_TYPES.COMBO_BOX,
label: i18n.translate('xpack.osquery.pack.form.agentPoliciesFieldLabel', {
defaultMessage: 'Agent policies (optional)',
defaultMessage: 'Scheduled agent policies (optional)',
}),
helpText: i18n.translate('xpack.osquery.pack.form.agentPoliciesFieldHelpText', {
defaultMessage: 'Queries in this pack are scheduled for agents in the selected policies.',
19 changes: 11 additions & 8 deletions x-pack/plugins/osquery/public/packs/form/queries_field.tsx
Expand Up @@ -5,7 +5,7 @@
* 2.0.
*/

import { findIndex, forEach, pullAt, pullAllBy, pickBy } from 'lodash';
import { isEmpty, findIndex, forEach, pullAt, pullAllBy, pickBy } from 'lodash';
import { EuiFlexGroup, EuiFlexItem, EuiButton, EuiSpacer } from '@elastic/eui';
import { produce } from 'immer';
import React, { useCallback, useMemo, useState } from 'react';
Expand Down Expand Up @@ -133,13 +133,16 @@ const QueriesFieldComponent: React.FC<QueriesFieldProps> = ({ field, handleNameC
produce((draft) => {
forEach(parsedContent.queries, (newQuery, newQueryId) => {
draft.push(
pickBy({
id: newQueryId,
interval: newQuery.interval ?? parsedContent.interval,
query: newQuery.query,
version: newQuery.version ?? parsedContent.version,
platform: getSupportedPlatforms(newQuery.platform ?? parsedContent.platform),
})
pickBy(
{
id: newQueryId,
interval: newQuery.interval ?? parsedContent.interval,
query: newQuery.query,
version: newQuery.version ?? parsedContent.version,
platform: getSupportedPlatforms(newQuery.platform ?? parsedContent.platform),
},
(value) => !isEmpty(value)
)
);
});

50 changes: 25 additions & 25 deletions x-pack/plugins/osquery/public/packs/pack_queries_status_table.tsx
Expand Up @@ -29,7 +29,7 @@ import {
PersistedIndexPatternLayer,
PieVisualizationState,
} from '../../../lens/public';
import { FilterStateStore, IndexPattern } from '../../../../../src/plugins/data/common';
import { FilterStateStore, DataView } from '../../../../../src/plugins/data/common';
import { useKibana } from '../common/lib/kibana';
import { OsqueryManagerPackagePolicyInputStream } from '../../common/types';
import { ScheduledQueryErrorsTable } from './scheduled_query_errors_table';
Expand Down Expand Up @@ -130,12 +130,12 @@ function getLensAttributes(
references: [
{
id: 'logs-*',
name: 'indexpattern-datasource-current-indexpattern',
name: 'dataView-datasource-current-dataView',
type: 'index-pattern',
},
{
id: 'logs-*',
name: 'indexpattern-datasource-layer-layer1',
name: 'dataView-datasource-layer-layer1',
type: 'index-pattern',
},
{
Expand Down Expand Up @@ -377,7 +377,7 @@ interface ScheduledQueryLastResultsProps {
actionId: string;
queryId: string;
interval: number;
logsIndexPattern: IndexPattern | undefined;
logsDataView: DataView | undefined;
toggleErrors: (payload: { queryId: string; interval: number }) => void;
expanded: boolean;
}
Expand All @@ -386,20 +386,20 @@ const ScheduledQueryLastResults: React.FC<ScheduledQueryLastResultsProps> = ({
actionId,
queryId,
interval,
logsIndexPattern,
logsDataView,
toggleErrors,
expanded,
}) => {
const { data: lastResultsData, isFetched } = usePackQueryLastResults({
actionId,
interval,
logsIndexPattern,
logsDataView,
});

const { data: errorsData, isFetched: errorsFetched } = usePackQueryErrors({
actionId,
interval,
logsIndexPattern,
logsDataView,
});

const handleErrorsToggle = useCallback(
Expand Down Expand Up @@ -512,14 +512,14 @@ interface PackViewInActionProps {
id: string;
interval: number;
};
logsIndexPattern: IndexPattern | undefined;
logsDataView: DataView | undefined;
packName: string;
agentIds?: string[];
}

const PackViewInDiscoverActionComponent: React.FC<PackViewInActionProps> = ({
item,
logsIndexPattern,
logsDataView,
packName,
agentIds,
}) => {
Expand All @@ -528,7 +528,7 @@ const PackViewInDiscoverActionComponent: React.FC<PackViewInActionProps> = ({
const { data: lastResultsData } = usePackQueryLastResults({
actionId,
interval,
logsIndexPattern,
logsDataView,
});

const startDate = lastResultsData?.['@timestamp']
Expand All @@ -554,7 +554,7 @@ const PackViewInDiscoverAction = React.memo(PackViewInDiscoverActionComponent);

const PackViewInLensActionComponent: React.FC<PackViewInActionProps> = ({
item,
logsIndexPattern,
logsDataView,
packName,
agentIds,
}) => {
Expand All @@ -563,7 +563,7 @@ const PackViewInLensActionComponent: React.FC<PackViewInActionProps> = ({
const { data: lastResultsData } = usePackQueryLastResults({
actionId,
interval,
logsIndexPattern,
logsDataView,
});

const startDate = lastResultsData?.['@timestamp']
Expand Down Expand Up @@ -602,17 +602,17 @@ const PackQueriesStatusTableComponent: React.FC<PackQueriesStatusTableProps> = (
Record<string, ReturnType<typeof ScheduledQueryExpandedContent>>
>({});

const indexPatterns = useKibana().services.data.indexPatterns;
const [logsIndexPattern, setLogsIndexPattern] = useState<IndexPattern | undefined>(undefined);
const dataViews = useKibana().services.data.dataViews;
const [logsDataView, setLogsDataView] = useState<DataView | undefined>(undefined);

useEffect(() => {
const fetchLogsIndexPattern = async () => {
const indexPattern = await indexPatterns.find('logs-*');
const fetchLogsDataView = async () => {
const dataView = await dataViews.find('logs-*');

setLogsIndexPattern(indexPattern[0]);
setLogsDataView(dataView[0]);
};
fetchLogsIndexPattern();
}, [indexPatterns]);
fetchLogsDataView();
}, [dataViews]);

const renderQueryColumn = useCallback(
(query: string) => (
Expand Down Expand Up @@ -645,39 +645,39 @@ const PackQueriesStatusTableComponent: React.FC<PackQueriesStatusTableProps> = (
const renderLastResultsColumn = useCallback(
(item) => (
<ScheduledQueryLastResults
logsIndexPattern={logsIndexPattern}
logsDataView={logsDataView}
queryId={item.id}
actionId={getPackActionId(item.id, packName)}
interval={item.interval}
toggleErrors={toggleErrors}
expanded={!!itemIdToExpandedRowMap[item.id]}
/>
),
[itemIdToExpandedRowMap, packName, toggleErrors, logsIndexPattern]
[itemIdToExpandedRowMap, packName, toggleErrors, logsDataView]
);

const renderDiscoverResultsAction = useCallback(
(item) => (
<PackViewInDiscoverAction
item={item}
agentIds={agentIds}
logsIndexPattern={logsIndexPattern}
logsDataView={logsDataView}
packName={packName}
/>
),
[agentIds, logsIndexPattern, packName]
[agentIds, logsDataView, packName]
);

const renderLensResultsAction = useCallback(
(item) => (
<PackViewInLensAction
item={item}
agentIds={agentIds}
logsIndexPattern={logsIndexPattern}
logsDataView={logsDataView}
packName={packName}
/>
),
[agentIds, logsIndexPattern, packName]
[agentIds, logsDataView, packName]
);

const getItemId = useCallback(
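Review bot: In `getLensAttributes` the `references` entries were renamed along with the identifiers, to `name: 'dataView-datasource-current-dataView'` and `name: 'dataView-datasource-layer-layer1'`. These are string values rather than TypeScript names, and Lens appears to look references up by the `indexpattern-datasource-…` names, so the rename may stop Lens from resolving the layer's data source; `type: 'index-pattern'` on the same entries was left as is. Unless Lens changed its reference naming in the same release (not visible here), keep `name: 'indexpattern-datasource-current-indexpattern'` and `name: 'indexpattern-datasource-layer-layer1'`. The remaining hunks in this file are a mechanical `IndexPattern` to `DataView` rename.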
4 changes: 3 additions & 1 deletion x-pack/plugins/osquery/public/packs/pack_queries_table.tsx
Expand Up @@ -13,7 +13,7 @@ import { i18n } from '@kbn/i18n';
import { PlatformIcons } from './queries/platforms';
import { OsqueryManagerPackagePolicyInputStream } from '../../common/types';

interface PackQueriesTableProps {
export interface PackQueriesTableProps {
data: OsqueryManagerPackagePolicyInputStream[];
onDeleteClick?: (item: OsqueryManagerPackagePolicyInputStream) => void;
onEditClick?: (item: OsqueryManagerPackagePolicyInputStream) => void;
Expand Down Expand Up @@ -184,3 +184,5 @@ const PackQueriesTableComponent: React.FC<PackQueriesTableProps> = ({
};

export const PackQueriesTable = React.memo(PackQueriesTableComponent);
// eslint-disable-next-line import/no-default-export
export default PackQueriesTable;