
Merge branch 'main' into discover-get-app-wrapper-extension
davismcphee authored Nov 1, 2024
2 parents 38aa7be + 0ecef0a commit f27a7d1
Showing 89 changed files with 347 additions and 2,205 deletions.
540 changes: 0 additions & 540 deletions oas_docs/bundle.json


540 changes: 0 additions & 540 deletions oas_docs/bundle.serverless.json


379 changes: 0 additions & 379 deletions oas_docs/output/kibana.serverless.yaml


379 changes: 0 additions & 379 deletions oas_docs/output/kibana.yaml


Expand Up @@ -77,6 +77,7 @@ const ObservabilityUptimeAlertOptional = rt.partial({
'anomaly.start': schemaDate,
configId: schemaString,
'error.message': schemaString,
'error.stack_trace': schemaString,
'host.name': schemaString,
'kibana.alert.context': schemaUnknown,
'kibana.alert.evaluation.threshold': schemaStringOrNumber,
1 change: 1 addition & 0 deletions packages/kbn-es-types/src/search.ts
Expand Up @@ -682,6 +682,7 @@ export interface ESQLSearchResponse {
all_columns?: ESQLColumn[];
values: ESQLRow[];
took?: number;
_clusters?: estypes.ClusterStatistics;
}

export interface ESQLSearchParams {
17 changes: 17 additions & 0 deletions packages/kbn-search-response-warnings/src/extract_warnings.test.ts
Expand Up @@ -9,6 +9,7 @@

import { estypes } from '@elastic/elasticsearch';
import type { Start as InspectorStartContract } from '@kbn/inspector-plugin/public';
import type { ESQLSearchResponse } from '@kbn/es-types';
import type { RequestAdapter } from '@kbn/inspector-plugin/common/adapters/request';
import { extractWarnings } from './extract_warnings';

Expand Down Expand Up @@ -108,6 +109,22 @@ describe('extract search response warnings', () => {

expect(warnings).toEqual([]);
});

it('should not include warnings when there is no _clusters or _shards information', () => {
const warnings = extractWarnings(
{
took: 46,
all_columns: [{ name: 'field1', type: 'string' }],
columns: [{ name: 'field1', type: 'string' }],
values: [['value1']],
} as ESQLSearchResponse,
mockInspectorService,
mockRequestAdapter,
'My request'
);

expect(warnings).toEqual([]);
});
});

describe('remote clusters', () => {
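Review bot: The `as ESQLSearchResponse` assertion on the fixture object silences the compiler if a required member of `ESQLSearchResponse` is missing, which is the one thing this test wants to pin (a response carrying neither `_clusters` nor `_shards`). If the literal is complete, prefer a declaration, `const response: ESQLSearchResponse = { took: 46, /* … */ };`, and pass `response` to `extractWarnings` so the shape is actually checked. If the cast is there because a required member is deliberately left out, a one-line comment naming it would help the next reader. The enclosing `describe` block starts outside the hunk.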
14 changes: 9 additions & 5 deletions packages/kbn-search-response-warnings/src/extract_warnings.ts
Expand Up @@ -8,26 +8,29 @@
*/

import { estypes } from '@elastic/elasticsearch';
import type { ESQLSearchResponse } from '@kbn/es-types';
import type { Start as InspectorStartContract, RequestAdapter } from '@kbn/inspector-plugin/public';
import type { SearchResponseWarning } from './types';

/**
* @internal
*/
export function extractWarnings(
rawResponse: estypes.SearchResponse,
rawResponse: estypes.SearchResponse | ESQLSearchResponse,
inspectorService: InspectorStartContract,
requestAdapter: RequestAdapter,
requestName: string,
requestId?: string
): SearchResponseWarning[] {
const warnings: SearchResponseWarning[] = [];

// ES|QL supports _clusters in case of CCS but doesnt support _shards and timed_out (yet)
const isPartial = rawResponse._clusters
? rawResponse._clusters.partial > 0 ||
rawResponse._clusters.skipped > 0 ||
rawResponse._clusters.running > 0
: rawResponse.timed_out || rawResponse._shards.failed > 0;
: ('timed_out' in rawResponse && rawResponse.timed_out) ||
('_shards' in rawResponse && rawResponse._shards.failed > 0);
if (isPartial) {
warnings.push({
type: 'incomplete',
Expand All @@ -39,9 +42,10 @@ export function extractWarnings(
status: 'partial',
indices: '',
took: rawResponse.took,
timed_out: rawResponse.timed_out,
_shards: rawResponse._shards,
failures: rawResponse._shards.failures,
timed_out: 'timed_out' in rawResponse && rawResponse.timed_out,
...('_shards' in rawResponse
? { _shards: rawResponse._shards, failures: rawResponse._shards.failures }
: {}),
},
},
openInInspector: () => {
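Review bot: The `in` narrowing of `rawResponse` is repeated four times — `'timed_out' in rawResponse` and `'_shards' in rawResponse` both in the `isPartial` ternary and again when the `timed_out`/`_shards` fields of the pushed warning are built — so the two places can drift apart; narrow once near the top with `const timedOut = 'timed_out' in rawResponse && rawResponse.timed_out;` and `const shards = '_shards' in rawResponse ? rawResponse._shards : undefined;`, then have both sites read `timedOut` and `shards` (`(shards?.failed ?? 0) > 0` for the partial test). The widened parameter also deserves a sentence in the TSDoc, which currently says only `@internal`, stating that ES|QL responses may carry `_clusters` but no `_shards`/`timed_out`, since that is the assumption the `in` guards encode. extractWarnings continues past the hunk (the `openInInspector` callback and the rest of the body are not shown).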
1 change: 1 addition & 0 deletions packages/kbn-search-response-warnings/tsconfig.json
Expand Up @@ -10,6 +10,7 @@
"@kbn/core",
"@kbn/react-kibana-mount",
"@kbn/core-i18n-browser",
"@kbn/es-types",
],
"exclude": ["target/**/*"]
}


Expand Up @@ -42,7 +42,7 @@ const createPolicies = (
const agentPolicyStatus = {
id: agentPolicy.id,
name: agentPolicy.name,
agents: agentStatusByAgentPolicyId[agentPolicy.id]?.total,
agents: agentStatusByAgentPolicyId[agentPolicy.id]?.active,
};
return {
package_policy: cloudDefendPackage,
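Review bot: The `agents` property of `agentPolicyStatus` now holds `.active` instead of `.total`, but nothing at the use site records that the count deliberately excludes non-active agents, so the next person comparing it against the total will wonder whether it is a bug; a short comment such as `// active agents only, not every agent enrolled in the policy` on the `agents:` line would settle that. createPolicies starts and ends outside the hunk.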
Expand Up @@ -214,7 +214,7 @@ export const getBenchmarkApplicableTo = (benchmarkId: BenchmarksCisId) => {
};

export const getCloudProviderNameFromAbbreviation = (cloudProvider: string) => {
switch (cloudProvider) {
switch (cloudProvider.toLowerCase()) {
case 'azure':
return CLOUD_PROVIDER_NAMES.AZURE;
case 'aws':
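Review bot: `cloudProvider.toLowerCase()` throws if a caller ever passes `undefined` at runtime; the parameter is typed `string`, but if the provider value originates from finding documents that guarantee does not hold, and widening the signature to `cloudProvider: string | undefined` with `switch ((cloudProvider ?? '').toLowerCase())` keeps the existing default path for that case. The same lower-casing is added to `getCloudProviderIcon` in the section below; two switches normalising independently is a sign the provider name should be normalised once (a shared helper such as `normalizeCloudProvider`) so the two cannot diverge. Both switch statements continue past their hunks.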
30 changes: 30 additions & 0 deletions x-pack/plugins/cloud_security_posture/public/common/constants.ts
Expand Up @@ -256,3 +256,33 @@ export const VULNERABILITY_GROUPING_OPTIONS = {
CLOUD_ACCOUNT_NAME: VULNERABILITY_FIELDS.CLOUD_ACCOUNT_NAME,
CVE: VULNERABILITY_FIELDS.VULNERABILITY_ID,
};

/*
The fields below are default columns of the Cloud Security Data Table that need to have keyword mapping.
The runtime mappings are used to prevent filtering out the data when any of these columns are sorted in the Data Table.
TODO: Remove the fields below once they are mapped as Keyword in the Third Party integrations, or remove
the fields from the runtime mappings if they are removed from the Data Table.
*/
export const CDR_VULNERABILITY_DATA_TABLE_RUNTIME_MAPPING_FIELDS: string[] = [
VULNERABILITY_FIELDS.VENDOR,
];
export const CDR_MISCONFIGURATION_DATA_TABLE_RUNTIME_MAPPING_FIELDS: string[] = [
'rule.benchmark.rule_number',
'rule.section',
'resource.sub_type',
];

/*
The fields below are used to group the data in the Cloud Security Data Table.
The keys are the fields that are used to group the data, and the values are the fields that need to have keyword mapping
to prevent filtering out the data when grouping by the key field.
TODO: Remove the fields below once they are mapped as Keyword in the Third Party integrations, or remove
the fields from the runtime mappings if they are removed from the Data Table.
*/
export const CDR_VULNERABILITY_GROUPING_RUNTIME_MAPPING_FIELDS: Record<string, string[]> = {
[VULNERABILITY_GROUPING_OPTIONS.CLOUD_ACCOUNT_NAME]: [VULNERABILITY_FIELDS.CLOUD_PROVIDER],
};
export const CDR_MISCONFIGURATION_GROUPING_RUNTIME_MAPPING_FIELDS: Record<string, string[]> = {
[FINDINGS_GROUPING_OPTIONS.ORCHESTRATOR_CLUSTER_NAME]: ['orchestrator.cluster.name'],
[FINDINGS_GROUPING_OPTIONS.CLOUD_ACCOUNT_NAME]: ['cloud.account.name'],
};
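Review bot: The four new exports are declared as mutable `string[]` / `Record<string, string[]>`, so any importer can `push` onto or reassign entries of a module-level constant that other modules read; `readonly string[]` and `Readonly<Record<string, readonly string[]>>` (or `as const`) cost nothing here, since the consumers in this commit only call `includes` and `reduce` on them. The `/* … */` comments above each group carry the keyword-mapping rationale and the removal TODO, which would be visible on hover at the use sites if written as TSDoc (`/** … */`).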
Expand Up @@ -18,7 +18,7 @@ interface Props {
}

const getCloudProviderIcon = (cloudProvider: string) => {
switch (cloudProvider) {
switch (cloudProvider.toLowerCase()) {
case 'azure':
return 'logoAzure';
case 'aws':
Expand Up @@ -52,9 +52,6 @@ export interface FindingsGroupingAggregation {
resourceSubType?: {
buckets?: GenericBuckets[];
};
resourceType?: {
buckets?: GenericBuckets[];
};
benchmarkName?: {
buckets?: GenericBuckets[];
};
Expand Up @@ -22,6 +22,7 @@ import type { CspBenchmarkRulesStates } from '@kbn/cloud-security-posture-common
import type { FindingsBaseEsQuery } from '@kbn/cloud-security-posture';
import { useGetCspBenchmarkRulesStatesApi } from '@kbn/cloud-security-posture/src/hooks/use_get_benchmark_rules_state_api';
import type { RuntimePrimitiveTypes } from '@kbn/data-views-plugin/common';
import { CDR_MISCONFIGURATION_DATA_TABLE_RUNTIME_MAPPING_FIELDS } from '../../../common/constants';
import { useKibana } from '../../../common/hooks/use_kibana';
import { getAggregationCount, getFindingsCountAggQuery } from '../utils/utils';

Expand All @@ -41,17 +42,18 @@ interface FindingsAggs {
}

const getRuntimeMappingsFromSort = (sort: string[][]) => {
return sort.reduce((acc, [field]) => {
// TODO: Add proper type for all fields available in the field selector
const type: RuntimePrimitiveTypes = field === '@timestamp' ? 'date' : 'keyword';
return sort
.filter(([field]) => CDR_MISCONFIGURATION_DATA_TABLE_RUNTIME_MAPPING_FIELDS.includes(field))
.reduce((acc, [field]) => {
const type: RuntimePrimitiveTypes = 'keyword';

return {
...acc,
[field]: {
type,
},
};
}, {});
return {
...acc,
[field]: {
type,
},
};
}, {});
};

export const getFindingsQuery = (
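Review bot: The `reduce` in `getRuntimeMappingsFromSort` spreads `acc` on every iteration, copying the accumulator once per sort field, and the `type` local it builds is now a fixed `'keyword'` computed inside the loop; `Object.fromEntries` over a `map` expresses the same allow-listed mapping without either. The result type changes from the inferred `{}` to an index signature, which is presumably what the caller spreading these mappings wants but is worth confirming. The previous `@timestamp` → `'date'` entry is gone, so sorting on `@timestamp` now yields no runtime mapping at all; that looks intentional given the new allow-list, but a one-line comment on the `filter` saying so would save the next reader the archaeology.
```typescript
const getRuntimeMappingsFromSort = (sort: string[][]) =>
  Object.fromEntries(
    sort
      // Only columns that still need a keyword runtime mapping; everything else is mapped already.
      .filter(([field]) => CDR_MISCONFIGURATION_DATA_TABLE_RUNTIME_MAPPING_FIELDS.includes(field))
      .map(([field]): [string, { type: RuntimePrimitiveTypes }] => [field, { type: 'keyword' }])
  );
```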
Expand Up @@ -21,6 +21,7 @@ import {
} from '@kbn/cloud-security-posture-common';
import { useGetCspBenchmarkRulesStatesApi } from '@kbn/cloud-security-posture/src/hooks/use_get_benchmark_rules_state_api';
import {
CDR_MISCONFIGURATION_GROUPING_RUNTIME_MAPPING_FIELDS,
FINDINGS_GROUPING_OPTIONS,
LOCAL_STORAGE_FINDINGS_GROUPING_KEY,
} from '../../../common/constants';
Expand Down Expand Up @@ -90,7 +91,6 @@ const getAggregationsByGroupField = (field: string): NamedAggregation[] => {
...aggMetrics,
getTermAggregation('resourceName', 'resource.id'),
getTermAggregation('resourceSubType', 'resource.sub_type'),
getTermAggregation('resourceType', 'resource.type'),
];
case FINDINGS_GROUPING_OPTIONS.RULE_NAME:
return [
Expand Down Expand Up @@ -122,62 +122,18 @@ const getAggregationsByGroupField = (field: string): NamedAggregation[] => {
const getRuntimeMappingsByGroupField = (
field: string
): Record<string, { type: 'keyword' }> | undefined => {
switch (field) {
case FINDINGS_GROUPING_OPTIONS.RESOURCE_NAME:
return {
[FINDINGS_GROUPING_OPTIONS.RESOURCE_NAME]: {
type: 'keyword',
},
'resource.id': {
type: 'keyword',
},
'resource.sub_type': {
type: 'keyword',
},
'resource.type': {
type: 'keyword',
},
};
case FINDINGS_GROUPING_OPTIONS.RULE_NAME:
return {
[FINDINGS_GROUPING_OPTIONS.RULE_NAME]: {
type: 'keyword',
},
'rule.benchmark.version': {
type: 'keyword',
},
};
case FINDINGS_GROUPING_OPTIONS.CLOUD_ACCOUNT_NAME:
return {
[FINDINGS_GROUPING_OPTIONS.CLOUD_ACCOUNT_NAME]: {
if (CDR_MISCONFIGURATION_GROUPING_RUNTIME_MAPPING_FIELDS?.[field]) {
return CDR_MISCONFIGURATION_GROUPING_RUNTIME_MAPPING_FIELDS[field].reduce(
(acc, runtimeField) => ({
...acc,
[runtimeField]: {
type: 'keyword',
},
'rule.benchmark.name': {
type: 'keyword',
},
'rule.benchmark.id': {
type: 'keyword',
},
};
case FINDINGS_GROUPING_OPTIONS.ORCHESTRATOR_CLUSTER_NAME:
return {
[FINDINGS_GROUPING_OPTIONS.ORCHESTRATOR_CLUSTER_NAME]: {
type: 'keyword',
},
'rule.benchmark.name': {
type: 'keyword',
},
'rule.benchmark.id': {
type: 'keyword',
},
};
default:
return {
[field]: {
type: 'keyword',
},
};
}),
{}
);
}
return {};
};

/**
Expand Down Expand Up @@ -255,12 +211,7 @@ export const useLatestFindingsGrouping = ({
size: pageSize,
sort: [{ groupByField: { order: 'desc' } }, { complianceScore: { order: 'asc' } }],
statsAggregations: getAggregationsByGroupField(currentSelectedGroup),
runtimeMappings: {
...getRuntimeMappingsByGroupField(currentSelectedGroup),
'result.evaluation': {
type: 'keyword',
},
},
runtimeMappings: getRuntimeMappingsByGroupField(currentSelectedGroup),
rootAggregations: [
{
failedFindings: {
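Review bot: `CDR_MISCONFIGURATION_GROUPING_RUNTIME_MAPPING_FIELDS?.[field]` in the rewritten `getRuntimeMappingsByGroupField` indexes a plain object with a dynamic key, so a `field` such as `'constructor'` resolves through the prototype chain to a function, passes the truthiness check, and then fails on `.reduce` with a TypeError; `field` appears to come from the selected group (possibly persisted, given the `LOCAL_STORAGE_FINDINGS_GROUPING_KEY` import), so an own-property check (`Object.hasOwn`, or `hasOwnProperty.call` if the target lib predates ES2022) is the right guard. The `?.` on a module constant that is never nullish reads as if it could be, and the declared return type still says `| undefined` although every path now returns an object, so the `| undefined` can go. Binding the lookup once also avoids the second `[field]` index, which is `string[] | undefined` again under `noUncheckedIndexedAccess`. The hunk after this one removes the unconditional `'result.evaluation'` keyword mapping from `runtimeMappings`; that matches the constants' TODO and is not re-raised here.
```typescript
const getRuntimeMappingsByGroupField = (
  field: string
): Record<string, { type: 'keyword' }> => {
  // Own-property lookup only: `field` is a dynamic key, and a bare `[field]` index
  // would also resolve inherited names such as 'constructor'.
  const runtimeFields = Object.hasOwn(CDR_MISCONFIGURATION_GROUPING_RUNTIME_MAPPING_FIELDS, field)
    ? CDR_MISCONFIGURATION_GROUPING_RUNTIME_MAPPING_FIELDS[field]
    : undefined;
  if (!runtimeFields) {
    return {};
  }
  return Object.fromEntries(
    runtimeFields.map((runtimeField) => [runtimeField, { type: 'keyword' as const }])
  );
};
```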
