Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security Solution][Endpoint] Update host isolation pending status API to work with new endpoint #115441

Merged
merged 9 commits into from
Oct 19, 2021
Merged

[Security Solution][Endpoint] Update host isolation pending status API to work with new endpoint #115441

merged 9 commits into from
Oct 19, 2021

Conversation

ashokaditya
Copy link
Member

@ashokaditya ashokaditya commented Oct 18, 2021
edited
Loading

Summary

Adds logic to finding pending isolation/release status for new (>=v7.16) endpoints.

Essentially, for <=v71.6 endpoints, the legacy logic follows for pending action status, where the action is considered pending when there is no response yet. For >=v7.16 endpoints, action is pending if there is a response with ack in it, but there's no endpoint response.

Checklist

Delete any items that are not applicable to this PR.

@ashokaditya ashokaditya added v8.0.0 Team:Defend Workflows “EDR Workflows” sub-team of Security Solution release_note:feature Makes this part of the condensed release notes auto-backport Deprecated - use backport:version if exact versions are needed v7.16.0 labels Oct 18, 2021
@ashokaditya ashokaditya self-assigned this Oct 18, 2021
@ashokaditya
Copy link
Member Author

@elasticmachine merge upstream

@ashokaditya ashokaditya marked this pull request as ready for review October 19, 2021 14:03
@ashokaditya ashokaditya requested review from a team as code owners October 19, 2021 14:03
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-onboarding-and-lifecycle-mgt (Team:Onboarding and Lifecycle Mgt)

@ashokaditya ashokaditya requested a review from pzl October 19, 2021 14:04
dasansol92
dasansol92 reviewed Oct 19, 2021
View reviewed changes
Copy link
Contributor

@dasansol92 dasansol92 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Left some code suggestions, let me know if something doesn't work on your side 🙂
Btw, it looks great! 🔥

academo
academo suggested changes Oct 19, 2021
View reviewed changes
Copy link
Contributor

@academo academo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

there is a problem with async code mixing with sync code.

@ashokaditya ashokaditya requested a review from a team as a code owner October 19, 2021 16:15
@kevinlog kevinlog requested a review from academo October 19, 2021 16:29
pzl
pzl approved these changes Oct 19, 2021
View reviewed changes
Copy link
Member

@pzl pzl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the logic is there

some names were not very clear to me, but that's a nitpick at best

x-pack/plugins/security_solution/server/endpoint/services/actions.ts
@@ -146,6 +147,45 @@ const getActivityLog = async ({
return sortedData;
};

const hasAckInResponse = (response: EndpointActionResponse): boolean => {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💯

x-pack/plugins/security_solution/server/endpoint/services/actions.ts Outdated
Comment on lines 240 to 243
return ackResponseActionIdList.includes(action.action_id) // if has ack
? isLogsEndpointFilter({ action, agentId, indexedActionIds }) // then find responses in new index
: legacyFilterCallback({
// else use the legacy way
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

comments here are 🔥

@ashokaditya
meaningful names
4992c33 
review changes
@ashokaditya ashokaditya enabled auto-merge (squash) October 19, 2021 19:14
pzl
pzl approved these changes Oct 19, 2021
View reviewed changes
Copy link
Member

@pzl pzl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🐑 🐑 🐑

@kevinlog kevinlog removed the request for review from a team October 19, 2021 19:20
@kibanamachine
Copy link
Contributor

💚 Build Succeeded

Metrics [docs]

✅ unchanged

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @ashokaditya

@ashokaditya ashokaditya merged commit b1dd89e into elastic:master Oct 19, 2021
@kibanamachine kibanamachine mentioned this pull request Oct 19, 2021
Closed
kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Oct 19, 2021
@ashokaditya @kibanamachine
[Security Solution][Endpoint] Update host isolation pending status AP…
6d89bfa 
…I to work with new endpoint (elastic#115441)

* get the whole response when fetching responses by agentIds

fixes elastic/security-team/issues/1705

* search new response index with actionId

fixes elastic/security-team/issues/1705

* Find matching responses in new response index if fleet action response has an `ack`

* review changes

* hasIndexedDoc fix fetch logic

* remove file

* simplify code

* add some acks to generator responses

* meaningful names

review changes

Co-authored-by: Esteban Beltran <[email protected]>
@kibanamachine
Copy link
Contributor

💚 Backport successful

Status Branch Result
7.x

This backport PR will be merged automatically after passing CI.

@kevinlog kevinlog mentioned this pull request Oct 20, 2021
Merged
kevinlog pushed a commit to kevinlog/kibana that referenced this pull request Oct 20, 2021
@ashokaditya @kevinlog
[Security Solution][Endpoint] Update host isolation pending status AP…
3dc2cff 
…I to work with new endpoint (elastic#115441)

* get the whole response when fetching responses by agentIds

fixes elastic/security-team/issues/1705

* search new response index with actionId

fixes elastic/security-team/issues/1705

* Find matching responses in new response index if fleet action response has an `ack`

* review changes

* hasIndexedDoc fix fetch logic

* remove file

* simplify code

* add some acks to generator responses

* meaningful names

review changes

Co-authored-by: Esteban Beltran <[email protected]>
kevinlog added a commit that referenced this pull request Oct 20, 2021
@kevinlog @ashokaditya
[7.x] [Security Solution][Endpoint] Update host isolation pending sta…
da5cdc8 
…tus API to work with new endpoint (#115441) (#115691)

* [Security Solution][Endpoint] Update host isolation pending status API to work with new endpoint (#115441)

* get the whole response when fetching responses by agentIds

fixes elastic/security-team/issues/1705

* search new response index with actionId

fixes elastic/security-team/issues/1705

* Find matching responses in new response index if fleet action response has an `ack`

* review changes

* hasIndexedDoc fix fetch logic

* remove file

* simplify code

* add some acks to generator responses

* meaningful names

review changes

Co-authored-by: Esteban Beltran <[email protected]>

* skip flakey test

Co-authored-by: Ashokaditya <[email protected]>
Co-authored-by: Esteban Beltran <[email protected]>
@ashokaditya ashokaditya mentioned this pull request Oct 21, 2021
Merged
1 task
ashokaditya added a commit that referenced this pull request Nov 1, 2021
@ashokaditya @kibanamachine
[Security Solution][Endpoint] Add tests for pending status API changes (
8fd0215 
#115998)

* add tests for pending status api changes

related to /pull/115441

refs elastic/security-team/issues/1705

* update mock

refs /pull/116214

Co-authored-by: Kibana Machine <[email protected]>
kibanamachine added a commit to kibanamachine/kibana that referenced this pull request Nov 1, 2021
@ashokaditya @kibanamachine
[Security Solution][Endpoint] Add tests for pending status API changes (
0667051 
elastic#115998)

* add tests for pending status api changes

related to elastic/pull/115441

refs elastic/security-team/issues/1705

* update mock

refs elastic/pull/116214

Co-authored-by: Kibana Machine <[email protected]>
kibanamachine added a commit to kibanamachine/kibana that referenced this pull request Nov 1, 2021
@ashokaditya @kibanamachine
[Security Solution][Endpoint] Add tests for pending status API changes (
7723872 
elastic#115998)

* add tests for pending status api changes

related to elastic/pull/115441

refs elastic/security-team/issues/1705

* update mock

refs elastic/pull/116214

Co-authored-by: Kibana Machine <[email protected]>
kibanamachine added a commit that referenced this pull request Nov 1, 2021
@kibanamachine @ashokaditya
[Security Solution][Endpoint] Add tests for pending status API changes (
85edf78 
#115998) (#116924)

* add tests for pending status api changes

related to /pull/115441

refs elastic/security-team/issues/1705

* update mock

refs /pull/116214

Co-authored-by: Kibana Machine <[email protected]>

Co-authored-by: Ashokaditya <[email protected]>
kibanamachine added a commit that referenced this pull request Nov 1, 2021
@kibanamachine @ashokaditya
[Security Solution][Endpoint] Add tests for pending status API changes (
0076cf9 
#115998) (#116925)

* add tests for pending status api changes

related to /pull/115441

refs elastic/security-team/issues/1705

* update mock

refs /pull/116214

Co-authored-by: Kibana Machine <[email protected]>

Co-authored-by: Ashokaditya <[email protected]>
ashokaditya added a commit to ashokaditya/kibana that referenced this pull request Nov 10, 2021
@ashokaditya
Pull more than 10 records
6ad30c6 
When looking for completed responses for responses with ACK.
refs elastic/pull/115441
@ashokaditya ashokaditya mentioned this pull request Nov 10, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dasansol92 dasansol92 dasansol92 left review comments

@academo academo academo approved these changes

@pzl pzl pzl approved these changes

Assignees

@ashokaditya ashokaditya

Labels
auto-backport Deprecated - use backport:version if exact versions are needed release_note:feature Makes this part of the condensed release notes Team:Defend Workflows “EDR Workflows” sub-team of Security Solution v7.16.0 v8.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@ashokaditya @elasticmachine @kibanamachine @academo @pzl @dasansol92