Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security Solution] Remove references to ruleRegistryEnabled feature flag #128913

Merged
merged 23 commits into from
Apr 25, 2022
Merged

[Security Solution] Remove references to ruleRegistryEnabled feature flag #128913

merged 23 commits into from
Apr 25, 2022

Conversation

madirey
Copy link
Contributor

@madirey madirey commented Mar 30, 2022
edited
Loading

Summary

Since rule_registry is now enabled by default, legacy rule executors have now been disabled. This removes all references to the feature flag in areas where legacy code was running or legacy alerts were written.

Fixes #128918

Risk Matrix

Delete this section if it is not applicable to this PR.

Before closing this PR, invite QA, stakeholders, and other developers to identify risks that should be tested prior to the change/feature release.

When forming the risk matrix, consider some of the following examples and how they may potentially impact the change:

Risk Probability Severity Mitigation/Notes
Multiple Spaces—unexpected behavior in non-default Kibana Space. Low High Integration tests will verify that all features are still supported in non-default Kibana Space and when user switches between spaces.
Multiple nodes—Elasticsearch polling might have race conditions when multiple Kibana nodes are polling for the same tasks. High Low Tasks are idempotent, so executing them multiple times will not result in logical error, but will degrade performance. To test for this case we add plenty of unit tests around this logic and document manual testing procedure.
Code should gracefully handle cases when feature X or plugin Y are disabled. Medium High Unit tests will verify that any feature flag or plugin combination still results in our service operational.
See more potential risk examples

For maintainers

@madirey madirey added release_note:skip Skip the PR/issue when compiling release notes backport:skip This commit does not require backporting Team:Detections and Resp Security Detection Response Team Feature:Detection Alerts Security Solution Detection Alerts Feature 8.3 candidate v8.3.0 labels Mar 30, 2022
@madirey madirey requested review from a team as code owners March 30, 2022 14:41
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@madirey
Copy link
Contributor Author

madirey commented Apr 14, 2022

@elasticmachine merge upstream

@madirey madirey requested review from a team as code owners April 16, 2022 06:39
cnasikas
cnasikas approved these changes Apr 19, 2022
View reviewed changes
Copy link
Member

@cnasikas cnasikas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cases code LTGM

@madirey
Copy link
Contributor Author

madirey commented Apr 20, 2022

@elasticmachine merge upstream

@madirey madirey enabled auto-merge (squash) April 20, 2022 15:36
spong
spong reviewed Apr 20, 2022
View reviewed changes
...ugins/security_solution/server/lib/detection_engine/routes/rules/utils/import_rules_utils.ts
@@ -190,7 +181,7 @@ export const importRules = async ({
language,
license,
machineLearningJobId,
outputIndex: signalsIndex,
outputIndex: '',
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This field is deprecated, no? We just need to remove it at some point, right?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@spong Yep, good point. We left it because the feature flag was still there and so it may have still been needed. I can follow up to remove it!

spong
spong reviewed Apr 20, 2022
View reviewed changes
...ns/security_solution/server/lib/detection_engine/routes/rules/add_prepackaged_rules_route.ts
Comment on lines -128 to -131
throw new PrepackagedRulesError(
`Pre-packaged rules cannot be installed until the signals index is created: ${signalsIndex}`,
400
);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this error still possible even with the RuleRegistry? Like if you create a new space, but don't go to the security app, and then hit this API directly the indices won't have been created yet, no? RuleRegistry index creation happens on Kibana startup for existing spaces, but new spaces require an alert to be generated, is that correct?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@spong I'll have to test this scenario, but you may be right. I think I'll follow up with an additional PR/issue to address this and the output_index stuff.

spong
spong approved these changes Apr 20, 2022
View reviewed changes
Copy link
Member

@spong spong left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did a quick scan over code changes and LGTM! Couple questions around test changes, but everything else looks good -- thanks for all the cleanup here @madirey! 🙂 🙌 🚀

@madirey
Copy link
Contributor Author

madirey commented Apr 20, 2022

@elasticmachine merge upstream

@YulNaumenko YulNaumenko self-requested a review April 25, 2022 17:20
michaelolo24
michaelolo24 approved these changes Apr 25, 2022
View reviewed changes
Copy link
Contributor

@michaelolo24 michaelolo24 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for removing the flags! LGTM

@madirey madirey removed the request for review from YulNaumenko April 25, 2022 17:54
@madirey madirey merged commit 414ad78 into elastic:main Apr 25, 2022
@kibana-ci
Copy link
Collaborator

💛 Build succeeded, but was flaky

Test Failures

  • [job] [logs] Security Solution Tests / Alerts timeline Privileges: can crud should allow a user with crud privileges to attach alerts to cases

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
securitySolution 4.8MB 4.8MB -107.0B

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id before after diff
securitySolution 248.0KB 248.0KB -23.0B

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@madirey madirey deleted the rr-ff-cleanup branch April 26, 2022 01:23
kertal pushed a commit to kertal/kibana that referenced this pull request May 24, 2022
@madirey @kibanamachine @kertal
[Security Solution] Remove references to ruleRegistryEnabled feature …
d4cbd01 
…flag (elastic#128913)

* Remove references to ruleRegistryEnabled feature flag

* Fix remaining tests using describe.each

* Test fixes

* alert -> rule

* Fix import rule tests

* Fix output_index in tests

* Tryin' again

* Another test fix

Co-authored-by: Kibana Machine <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@spong spong spong approved these changes

@cnasikas cnasikas cnasikas approved these changes

@michaelolo24 michaelolo24 michaelolo24 approved these changes

@MadameSheema MadameSheema MadameSheema approved these changes

@marshallmain marshallmain marshallmain approved these changes

Assignees
No one assigned
Labels
8.3 candidate backport:skip This commit does not require backporting Feature:Detection Alerts Security Solution Detection Alerts Feature release_note:skip Skip the PR/issue when compiling release notes Team:Detections and Resp Security Detection Response Team v8.3.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Security Solution] Remove references to ruleRegistryEnabled feature flag
9 participants
@madirey @elasticmachine @kibana-ci @spong @cnasikas @michaelolo24 @MadameSheema @marshallmain @kibanamachine