[Security Solution] [Sourcerer] KIP Feature Branch Kickoff, remove config index patterns

[stephmilovic]

Summary

This is the first stage of the update to Sourcerer to user only Kibana Index Patterns. This update will enable Kibana runtime fields in Security Solution app

This is the feature branch for this update. I am opening a PR against master. Once approved, I will close the PR without merging and open all new feature PRs against this branch. Once the feature is done, we can reopen this PR against master again and merge with minimal testing.

• Removes config index patterns from sourcerer and only use Kibana index patterns in its existing functionality
• POST a special security-solution KIP from the config index patterns
• security-solution KIP becomes the default selection in our app (formerly config index patterns)

Tester: please check the tasks on the issue to ensure your functionality expectations are correct for this stage of development

Checklist

Delete any items that are not applicable to this PR.

• Unit or functional tests were updated or added to match the most common scenarios

[elasticmachine]

Pinging @elastic/security-solution (Team: SecuritySolution)

[elasticmachine]

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

[legrego]

It looks like you are trying to create the index pattern if it doesn't already exist? There are a lot of reasons why indexPatternsService.get() may fail -- @elastic/kibana-app-services what is the best way to test for a 404/not found response here?

[stephmilovic]

got it taken care of in my follow up PR, will tag you on that code when its up ;P

[legrego]

What happens if a user has an existing index pattern with this id, but mapped to something you don't expect?

[stephmilovic]

that wouldbe a big coincidence. its our reserved id, vs creating an index pattern via Kibana will result in a random id. you'd have to hit the API manually with this specific ID. maybe 0.000001% of users would do that

[legrego]

The index pattern UI allows index patterns to be created with a custom, user-supplied identifier. I agree the chance of this happening is small, but it's probably greater than 0.000001%. This isn't a blocker IMO, but I wanted to call this out as a possibility

[stephmilovic]

I added this as a task on the issue, will make sure to address before merging in master: https://github.com/elastic/security-team/issues/772

[stephmilovic]

got it taken care of in my follow up PR, will tag you on that code when its up ;P

[stephmilovic]

these were already skipped if thats confusing

[stephmilovic]

@elasticmachine merge upstream

[stephmilovic]

i dare this test to fail again

[stephmilovic]

@elasticmachine merge upstream

[kibanamachine]

💛 Build succeeded, but was flaky

• continuous-integration/kibana-ci/pull-request
• Commit: 19a1e9a
• Storybooks Preview
• Documentation Changes
• Flaky suites:
  • xpack-securitySolutionCypressChrome

---

Test Failures

Kibana Pipeline / general / adds correctly a filter to the global search bar.SearchBar adds correctly a filter to the global search bar

Link to Jenkins

Stack Trace

Failed Tests Reporter:
  - Test has failed 19 times on tracked branches: https://github.com/elastic/kibana/issues/69595

AssertionError: Timed out retrying after 60000ms: Expected to find element: `[data-test-subj="comboBoxOptionsList filterFieldSuggestionList-optionsList"] button[title="host.ip"] mark`, but never found it.
    at Object.fillAddFilterForm (http://localhost:61121/__cypress/tests?p=cypress/integration/header/search_bar.spec.ts:16419:8)
    at Context.eval (http://localhost:61121/__cypress/tests?p=cypress/integration/header/search_bar.spec.ts:15554:22)

---

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
securitySolution	6.5MB	6.5MB	+1.7KB

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id	before	after	diff
securitySolution	211.9KB	212.2KB	+304.0B

History

• 💔 Build #143687 failed e986d9d
• 💛 Build #143389 was flaky 32025be
• 💚 Build #143242 succeeded 11c741d
• 💔 Build #142967 failed ffc08eb
• 💔 Build #141137 failed 49098d4

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

[michaelolo24]

Just curious, is there some standard pattern for these across Kibana? I.e. camel-case, snake-case, etc.. ?

[stephmilovic]

no, the id is generated and looks like a855f700-f5f9-11eb-8763-01917c58cbf9 so i followed that. i think - is standard for URL which is where these are stored

[michaelolo24]

Worth moving into a util? If you end up moving it to a util, should probably rename it to something like loadSecuritySolutionIndexPatterns

[michaelolo24]

Thanks for cleaning this up!

[michaelolo24]

Does this get ignored in the selectedPatterns list because auditbeat-* has the same id? Just seeing if that's something you're testing here too

[stephmilovic]

hmm that should never happen IRL since you cant have the same id in the system, so its not something i wrote for

[michaelolo24]

I think it might be worth it to set an explicit error param rather than relying on rest here to keep separation of concerns?

[stephmilovic]

im going to iterate on this in follow up PRs but will keep this comment open for a reminder

[michaelolo24]

thank you

[michaelolo24]

I know you didn't write this, but isn't it always label === index?

[stephmilovic]

its saying acc shouldn't already have a label that is equal to that index. makes sense to me but we can run it together if you'd like and poke at it 😄

[michaelolo24]

PR looks good! Pulled it down, tested that the index switching is working as expected. Most of my comments were just questions and nits. Only thing left is just making any changes for @legrego's comment here: https://github.com/elastic/kibana/pull/106460/files#r677392130

[stephmilovic]

Fantastic! With approval, I'm now going to close this PR and use it as my Feature Branch to open PRs against. I will reopen the PR once it is ready to merge!