Merge branch 'main' into 135678-unified-field-list-sections-in-discov…

…er-2

packages/kbn-handlebars/README.md

@@ -69,7 +69,7 @@ The tests for `@kbn/handlebars` are integrated into the regular test suite of Ki
 node scripts/jest packages/kbn-handlebars
 ```
 
-By default each test will run both the original `handlebars` code and the modified `@kbn/handlebars` code to compare if the output of the two are identical. To isolate a test run to just one or the other, you can use the following environment variables:
+By default, each test will run both the original `handlebars` code and the modified `@kbn/handlebars` code to compare if the output of the two are identical. To isolate a test run to just one or the other, you can use the following environment variables:
 
 - `EVAL=1` - Set to only run the original `handlebars` implementation that uses `eval`.
 - `AST=1` - Set to only run the modified `@kbn/handlebars` implementation that doesn't use `eval`.
@@ -84,7 +84,7 @@ Some of the tests have been copied from the upstream `handlebars` project and mo
 
 If the script outputs a diff for a given file, it means that this file has been updated.
 
-_Note: that this will look for chanages in the `4.x` branch of the `handlebars.js` repo only. Changes in the `master` branch are ignored._
+_Note: that this will look for changes in the `4.x` branch of the `handlebars.js` repo only. Changes in the `master` branch are ignored._
 
 Once all updates have been manually merged with our versions of the files, run the following script to "lock" us into the new updates:
 
@@ -196,4 +196,4 @@ You can pretty print just the generated code using this command:
   node -e 'process.stdin.on(`data`, c => console.log(`(${eval(`(${c})`).code})`))' | \
   npx prettier --write --stdin-filepath template.js | \
   npx cli-highlight -l javascript
-```
+```

packages/kbn-handlebars/src/upstream/index.builtins.test.ts

@@ -276,7 +276,7 @@ describe('builtin helpers', () => {
     // TODO: This test has been added to the `4.x` branch of the handlebars.js repo along with a code-fix,
     // but a new version of the handlebars package containing this fix has not yet been published to npm.
     //
-    // Before enabling this code, a new version of handlebars needs to be released and the corrosponding
+    // Before enabling this code, a new version of handlebars needs to be released and the corresponding
     // updates needs to be applied to this implementation.
     //
     // See: https://github.com/handlebars-lang/handlebars.js/commit/30dbf0478109ded8f12bb29832135d480c17e367

x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/connector/sync_rules/connector_filtering_logic.tsx

@@ -20,6 +20,7 @@ import {
   FilteringPolicy,
   FilteringRule,
   FilteringRuleRule,
+  FilteringValidation,
   FilteringValidationState,
 } from '../../../../../../../common/types/connectors';
 import { Actions } from '../../../../../shared/api_logic/create_api_logic';
@@ -79,6 +80,7 @@ type ConnectorFilteringActions = Pick<
 
 interface ConnectorFilteringValues {
   advancedSnippet: string;
+  draftErrors: FilteringValidation[];
   draftState: FilteringValidationState;
   editableFilteringRules: FilteringRule[];
   filteringConfig: FilteringConfig | null;

x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/connector/sync_rules/connector_rules.tsx

@@ -37,13 +37,14 @@ export const ConnectorSyncRules: React.FC = () => {
     useValues(IndexViewLogic);
   const { applyDraft, setLocalFilteringRules, setLocalAdvancedSnippet, setIsEditing } =
     useActions(ConnectorFilteringLogic);
-  const { advancedSnippet, draftState, filteringRules, hasDraft, isEditing } =
+  const { advancedSnippet, draftErrors, draftState, filteringRules, hasDraft, isEditing } =
     useValues(ConnectorFilteringLogic);
 
   return (
     <>
       {isEditing && (
         <EditSyncRulesFlyout
+          errors={draftErrors}
           hasAdvancedFilteringFeature={hasAdvancedFilteringFeature}
           hasBasicFilteringFeature={hasBasicFilteringFeature}
           revertLocalFilteringRules={() => setLocalFilteringRules(filteringRules)}

x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/connector/sync_rules/edit_sync_rules_flyout.tsx

@@ -8,6 +8,9 @@
 import React from 'react';
 
 import {
+  EuiCallOut,
+  EuiFlexGroup,
+  EuiFlexItem,
   EuiFlyout,
   EuiFlyoutHeader,
   EuiTitle,
@@ -17,13 +20,17 @@ import {
   EuiTabbedContentTab,
   EuiSpacer,
 } from '@elastic/eui';
+
 import { i18n } from '@kbn/i18n';
 
+import { FilteringValidation } from '../../../../../../../common/types/connectors';
+
 import { AdvancedSyncRules } from './advanced_sync_rules';
 import { EditSyncRulesTab } from './edit_sync_rules_tab';
 import { SyncRulesTable } from './editable_basic_rules_table';
 
 interface EditFilteringFlyoutProps {
+  errors: FilteringValidation[];
   hasAdvancedFilteringFeature: boolean;
   hasBasicFilteringFeature: boolean;
   revertLocalAdvancedFiltering: () => void;
@@ -37,6 +44,7 @@ enum FilteringTabs {
 }
 
 export const EditSyncRulesFlyout: React.FC<EditFilteringFlyoutProps> = ({
+  errors,
   hasAdvancedFilteringFeature,
   hasBasicFilteringFeature,
   revertLocalFilteringRules,
@@ -104,6 +112,35 @@ export const EditSyncRulesFlyout: React.FC<EditFilteringFlyoutProps> = ({
             }
           )}
         </EuiText>
+        <EuiSpacer />
+        {!!errors?.length && (
+          <EuiFlexGroup direction="column">
+            {errors.map((error, index) => (
+              <EuiFlexItem id={`${index}`} grow={false}>
+                <EuiCallOut
+                  color="danger"
+                  title={i18n.translate(
+                    'xpack.enterpriseSearch.content.index.connector.syncRules.flyout.errorTitle',
+                    {
+                      defaultMessage:
+                        'Sync {idsLength, plural, one {rule} other {rules}} {ids} {idsLength, plural, one {is} other {are}} invalid.',
+                      values: {
+                        ids: error.ids.join(', '),
+                        idsLength: error.ids.length,
+                      },
+                    }
+                  )}
+                >
+                  <>
+                    {error.messages.map((message) => (
+                      <p id={message}>{message}</p>
+                    ))}
+                  </>
+                </EuiCallOut>
+              </EuiFlexItem>
+            ))}
+          </EuiFlexGroup>
+        )}
       </EuiFlyoutHeader>
       <EuiFlyoutBody>
         <EuiTabbedContent tabs={tabs} />

x-pack/plugins/osquery/cypress/e2e/all/alerts.cy.ts

@@ -5,13 +5,20 @@
  * 2.0.
  */
 
+import {
+  RESPONSE_ACTIONS_ITEM_0,
+  RESPONSE_ACTIONS_ITEM_1,
+  RESPONSE_ACTIONS_ITEM_2,
+  OSQUERY_RESPONSE_ACTION_ADD_BUTTON,
+} from '../../tasks/response_actions';
 import { ArchiverMethod, runKbnArchiverScript } from '../../tasks/archiver';
 import { login } from '../../tasks/login';
 import {
   findAndClickButton,
   findFormFieldByRowsLabelAndType,
   inputQuery,
   submitQuery,
+  typeInECSFieldInput,
 } from '../../tasks/live_query';
 import { preparePack } from '../../tasks/packs';
 import { closeModalIfVisible } from '../../tasks/integrations';
@@ -60,26 +67,96 @@ describe('Alert Event Details', () => {
     cy.getBySel('ruleSwitch').should('have.attr', 'aria-checked', 'true');
   });
 
-  it('enables to add detection action with osquery', () => {
+  it('adds response actations with osquery with proper validation and form values', () => {
     cy.visit('/app/security/rules');
     cy.contains(RULE_NAME).click();
     cy.contains('Edit rule settings').click();
     cy.getBySel('edit-rule-actions-tab').wait(500).click();
-    cy.contains('Perform no actions').get('select').select('On each rule execution');
     cy.contains('Response actions are run on each rule execution');
-    cy.getBySel('.osquery-ResponseActionTypeSelectOption').click();
-    cy.get(LIVE_QUERY_EDITOR);
+    cy.getBySel(OSQUERY_RESPONSE_ACTION_ADD_BUTTON).click();
+    cy.getBySel(RESPONSE_ACTIONS_ITEM_0).within(() => {
+      cy.get(LIVE_QUERY_EDITOR);
+    });
     cy.contains('Save changes').click();
-    cy.contains('Query is a required field');
-    inputQuery('select * from uptime');
-    cy.wait(1000); // wait for the validation to trigger - cypress is way faster than users ;)
+    cy.getBySel(RESPONSE_ACTIONS_ITEM_0).within(() => {
+      cy.contains('Query is a required field');
+      inputQuery('select * from uptime1');
+    });
+
+    cy.getBySel(OSQUERY_RESPONSE_ACTION_ADD_BUTTON).click();
+
+    cy.getBySel(RESPONSE_ACTIONS_ITEM_1).within(() => {
+      cy.contains('Run a set of queries in a pack').click();
+    });
+    cy.contains('Save changes').click();
+    cy.getBySel('response-actions-error')
+      .within(() => {
+        cy.contains(' Pack is a required field');
+      })
+      .should('exist');
+    cy.contains('Pack is a required field');
+    cy.getBySel(RESPONSE_ACTIONS_ITEM_1).within(() => {
+      cy.getBySel('comboBoxInput').type('testpack{downArrow}{enter}');
+    });
+
+    cy.getBySel(OSQUERY_RESPONSE_ACTION_ADD_BUTTON).click();
+
+    cy.getBySel(RESPONSE_ACTIONS_ITEM_2).within(() => {
+      cy.get(LIVE_QUERY_EDITOR);
+      cy.contains('Query is a required field');
+      inputQuery('select * from uptime');
+      cy.contains('Advanced').click();
+      typeInECSFieldInput('message{downArrow}{enter}');
+      cy.getBySel('osqueryColumnValueSelect').type('days{downArrow}{enter}');
+      cy.wait(1000); // wait for the validation to trigger - cypress is way faster than users ;)
+    });
 
     // getSavedQueriesDropdown().type(`users{downArrow}{enter}`);
     cy.contains('Save changes').click();
     cy.contains(`${RULE_NAME} was saved`).should('exist');
+    cy.getBySel('toastCloseButton').click();
     cy.contains('Edit rule settings').click();
     cy.getBySel('edit-rule-actions-tab').wait(500).click();
     cy.contains('select * from uptime');
+    cy.getBySel(RESPONSE_ACTIONS_ITEM_0).within(() => {
+      cy.contains('select * from uptime1');
+    });
+    cy.getBySel(RESPONSE_ACTIONS_ITEM_2).within(() => {
+      cy.contains('select * from uptime');
+      cy.contains('Log message optimized for viewing in a log viewer');
+      cy.contains('Days of uptime');
+    });
+    cy.getBySel(RESPONSE_ACTIONS_ITEM_1).within(() => {
+      cy.contains('testpack');
+      cy.getBySel('comboBoxInput').type('{backspace}{enter}');
+    });
+    cy.getBySel(RESPONSE_ACTIONS_ITEM_0).within(() => {
+      cy.contains('select * from uptime1');
+      cy.getBySel('remove-response-action').click();
+    });
+    cy.getBySel(RESPONSE_ACTIONS_ITEM_0).within(() => {
+      cy.contains('Search for a pack to run');
+      cy.contains('Pack is a required field');
+      cy.getBySel('comboBoxInput').type('testpack{downArrow}{enter}');
+    });
+    cy.getBySel(RESPONSE_ACTIONS_ITEM_1).within(() => {
+      cy.contains('select * from uptime');
+      cy.contains('Log message optimized for viewing in a log viewer');
+      cy.contains('Days of uptime');
+    });
+    cy.contains('Save changes').click();
+    cy.contains(`${RULE_NAME} was saved`).should('exist');
+    cy.getBySel('toastCloseButton').click();
+    cy.contains('Edit rule settings').click();
+    cy.getBySel('edit-rule-actions-tab').wait(500).click();
+    cy.getBySel(RESPONSE_ACTIONS_ITEM_0).within(() => {
+      cy.contains('testpack');
+    });
+    cy.getBySel(RESPONSE_ACTIONS_ITEM_1).within(() => {
+      cy.contains('select * from uptime');
+      cy.contains('Log message optimized for viewing in a log viewer');
+      cy.contains('Days of uptime');
+    });
   });
 
   it('should be able to run live query and add to timeline (-depending on the previous test)', () => {

x-pack/plugins/osquery/cypress/e2e/all/packs.cy.ts

@@ -457,8 +457,14 @@ describe('ALL - Packs', () => {
       findFormFieldByRowsLabelAndType('Name', shardPack);
 
       cy.contains('Partial deployment (shards)').click();
-      cy.getBySel('shards-field-policy').type('Default{downArrow}{enter}');
-      cy.get('#shardsPercentage0').type('{backspace}{backspace}5');
+      cy.getBySel('packShardsForm-0').within(() => {
+        cy.getBySel('shards-field-policy').type('Default{downArrow}{enter}');
+        cy.get('#shardsPercentage0').type('{backspace}{backspace}5');
+      });
+      cy.getBySel('packShardsForm-1').within(() => {
+        cy.getBySel('shards-field-policy').type('{downArrow}{enter}');
+        cy.get('#shardsPercentage1').type('{backspace}{backspace}{backspace}');
+      });
       findAndClickButton('Save pack');
 
       cy.contains(`Successfully created "${shardPack}" pack`);
@@ -477,6 +483,13 @@ describe('ALL - Packs', () => {
       cy.contains(shardPack).click();
       cy.contains('Edit').click();
       cy.get('#shardsPercentage0').should('have.value', '15');
+      cy.getBySel('packShardsForm-1').within(() => {
+        cy.getBySel('shards-field-policy').contains('testGlobal');
+        cy.get('#shardsPercentage1').should('have.value', '0');
+      });
+      cy.getBySel('policyIdsComboBox').within(() => {
+        cy.contains('testGlobal').should('not.exist');
+      });
     });
   });
 });

x-pack/plugins/osquery/cypress/e2e/all/saved_queries.cy.ts

@@ -32,4 +32,13 @@ describe('ALL - Saved queries', () => {
       cy.contains('Snapshot');
     });
   });
+  it('checks result type on prebuilt saved query', () => {
+    cy.contains('Saved queries').click();
+    cy.react('CustomItemAction', {
+      props: { index: 1, item: { attributes: { id: 'users_elastic' } } },
+    }).click();
+    cy.getBySel('resultsTypeField').within(() => {
+      cy.contains('Snapshot');
+    });
+  });
 });

x-pack/plugins/osquery/cypress/tasks/response_actions.ts

@@ -0,0 +1,12 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export const RESPONSE_ACTIONS_ITEM_0 = 'response-actions-list-item-0';
+export const RESPONSE_ACTIONS_ITEM_1 = 'response-actions-list-item-1';
+export const RESPONSE_ACTIONS_ITEM_2 = 'response-actions-list-item-2';
+
+export const OSQUERY_RESPONSE_ACTION_ADD_BUTTON = 'osquery-response-action-type-selection-option';

x-pack/plugins/osquery/public/actions/actions_table.tsx

@@ -20,6 +20,7 @@ import {
 import React, { useState, useCallback, useMemo } from 'react';
 import { useHistory } from 'react-router-dom';
 
+import { removeMultilines } from '../../common/utils/build_query/remove_multilines';
 import { useAllLiveQueries } from './use_all_live_queries';
 import type { SearchHit } from '../../common/search_strategy';
 import { Direction } from '../../common/search_strategy';
@@ -90,9 +91,13 @@ const ActionsTableComponent = () => {
       );
     }
 
+    const query = item._source.queries[0].query;
+    const singleLine = removeMultilines(query);
+    const content = singleLine.length > 90 ? `${singleLine?.substring(0, 90)}...` : singleLine;
+
     return (
       <EuiCodeBlock language="sql" fontSize="s" paddingSize="none" transparentBackground>
-        {item._source.queries[0].query}
+        {content}
       </EuiCodeBlock>
     );
   }, []);
@@ -196,6 +201,7 @@ const ActionsTableComponent = () => {
           defaultMessage: 'Query',
         }),
         truncateText: true,
+        width: '60%',
         render: renderQueryColumn,
       },
       {

x-pack/plugins/osquery/public/components/layouts/with_header.tsx

@@ -42,7 +42,7 @@ export const WithHeaderLayout: React.FC<WithHeaderLayoutProps> = ({
     >
       <EuiPageBody>
         <ContentWrapper>
-          <EuiSpacer size="m" />
+          <EuiSpacer size="l" />
           {children}
         </ContentWrapper>
       </EuiPageBody>