Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security Solution] Update bulk edit api to include skipped rules in response #144461

Closed
wants to merge 23 commits into from
Closed

[Security Solution] Update bulk edit api to include skipped rules in response #144461

wants to merge 23 commits into from

Conversation

jpdjere
Copy link
Contributor

@jpdjere jpdjere commented Nov 2, 2022
edited by banderror
Loading

Addresses: #145093
Related to: #139802

Summary

  • Extends Bulk Edit API to return a new skipped property for rules whose updating was skipped. See #145093 for details on when a rule is skipped.
  • In x-pack/plugins/alerting/server/rules_client/rules_client.ts, refactored the methods bulkEdit and bulkEditOcc to smaller methods, following an immutable approach.
    • Updated all related tests and expanded coverage. (unit, integration and e2e)
  • Update success toast message so that the user is informed if rules were skipped.
Skipped.bulk.edit.rules.mp4

Checklist

Delete any items that are not applicable to this PR.

For maintainers

@jpdjere jpdjere mentioned this pull request Nov 3, 2022
Merged
2 tasks
@jpdjere jpdjere force-pushed the update-bulk-edit-api-skipped-results branch from 6b3369b to 67982c7 Compare November 3, 2022 18:16
jpdjere
jpdjere commented Nov 3, 2022
View reviewed changes
...security_solution/public/detection_engine/rule_management/logic/bulk_actions/translations.ts Outdated
return `${i18n.RULES_BULK_EDIT_SUCCESS_DESCRIPTION(summary.succeeded)}. ${
i18n.RULES_BULK_EDIT_SUCCESS_INDEX_EDIT_DESCRIPTION
return `${i18n.RULES_BULK_EDIT_SUCCESS_DESCRIPTION(summary.succeeded, summary.skipped)} ${
summary.skipped > 0 ? i18n.RULES_BULK_EDIT_SUCCESS_DATA_VIEW_RULES_SKIPPED_DETAIL : ''
Copy link
Contributor Author

@jpdjere jpdjere Nov 3, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Only add the explanation about rules with data views being ignored if the action is index_pattern related and the API call responded with skipped rules.

@jpdjere jpdjere marked this pull request as ready for review November 3, 2022 18:27
@jpdjere jpdjere requested a review from a team as a code owner November 3, 2022 18:27
@jpdjere jpdjere requested review from maximpn and banderror November 3, 2022 18:27
@jpdjere jpdjere self-assigned this Nov 3, 2022
@jpdjere jpdjere added Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Detection Rule Management Security Detection Rule Management Team labels Nov 3, 2022
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@elasticmachine
Copy link
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@jpdjere jpdjere added enhancement New value added to drive a business result v8.6.0 release_note:enhancement labels Nov 3, 2022
@jpdjere jpdjere requested a review from a team as a code owner November 3, 2022 19:15
@jpdjere jpdjere requested a review from a team as a code owner November 4, 2022 12:03
@jpdjere jpdjere force-pushed the update-bulk-edit-api-skipped-results branch from 73a39f0 to fe2dd59 Compare November 4, 2022 13:25
maximpn
maximpn reviewed Nov 4, 2022
View reviewed changes
Copy link
Contributor

@maximpn maximpn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jpdjere The changes look good

There is a couple of comments which needs attention.

...ecurity_solution/server/lib/detection_engine/rule_management/api/rules/bulk_actions/route.ts Outdated Show resolved Hide resolved
...ecurity_solution/server/lib/detection_engine/rule_management/api/rules/bulk_actions/route.ts Outdated Show resolved Hide resolved
x-pack/plugins/security_solution/cypress/e2e/detection_rules/bulk_edit_rules.cy.ts Outdated Show resolved Hide resolved
@jpdjere jpdjere force-pushed the update-bulk-edit-api-skipped-results branch 2 times, most recently from c493263 to 3f59997 Compare November 7, 2022 12:50
@jpdjere jpdjere requested a review from maximpn November 7, 2022 13:35
@jpdjere
Copy link
Contributor Author

jpdjere commented Nov 7, 2022

@banderror @maximpn

As per discussed today, I added the bulk_edit_skip_reason to the skipped rules return in the response, which we can later use in the UI to indicate what caused the rule edit to be skipped.

However, @banderror, because of your comments on adding a case for skipping a rule update in the case of adding a rule that already exists, I realised that the skipping logic as is in the PR can only be used for rule params and not rule attributes.

If we want to skip the editing of rule attributes, then we do need to edit the rules_client, and apply a similar logic that we do for the rules params, in which we pass in the rules_params_modifier function to the rules client as a callback and check for exceptions within that function (for example, if the existing tags array already contains the tag that the user wants to add).

I already started doing this implementation but would like to work on it on a separate PR, and get this PR merged up to its present scope.

Let me know what you think.

@jpdjere jpdjere force-pushed the update-bulk-edit-api-skipped-results branch from 6c452e1 to e66aeed Compare November 8, 2022 12:05
banderror
banderror reviewed Nov 8, 2022
View reviewed changes
Copy link
Contributor

@banderror banderror left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There are quite a bunch of comments, let me post what I have by now and continue the review.

x-pack/plugins/security_solution/cypress/e2e/detection_rules/bulk_edit_rules.cy.ts Outdated Show resolved Hide resolved
x-pack/plugins/security_solution/cypress/e2e/detection_rules/bulk_edit_rules.cy.ts Outdated Show resolved Hide resolved
x-pack/plugins/security_solution/cypress/e2e/detection_rules/bulk_edit_rules.cy.ts Outdated Show resolved Hide resolved
x-pack/plugins/security_solution/cypress/e2e/detection_rules/bulk_edit_rules.cy.ts Outdated Show resolved Hide resolved
x-pack/plugins/security_solution/cypress/e2e/detection_rules/bulk_edit_rules.cy.ts Outdated Show resolved Hide resolved
...security_solution/public/detection_engine/rule_management/logic/bulk_actions/translations.ts Outdated Show resolved Hide resolved
...curity_solution/public/detection_engine/rule_management_ui/components/rules_table/helpers.ts
Comment on lines +72 to 75
skipped: 0,
succeeded: details.exported_rules_count,
failed: details.missing_rules_count,
total: details.exported_rules_count + details.missing_rules_count,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Curious why we treat missing_rules_count as failed rather than skipped?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure how this should work. Whar are missing rules when attempting to export? I guess we can consider them as skipped, but would like to understand this fully before making the change.

...ecurity_solution/server/lib/detection_engine/rule_management/api/rules/bulk_actions/route.ts Outdated Show resolved Hide resolved
...ecurity_solution/server/lib/detection_engine/rule_management/api/rules/bulk_actions/route.ts Outdated Show resolved Hide resolved
...ecurity_solution/server/lib/detection_engine/rule_management/api/rules/bulk_actions/route.ts Outdated Show resolved Hide resolved
@banderror
Copy link
Contributor

If we want to skip the editing of rule attributes, then we do need to edit the rules_client, and apply a similar logic that we do for the rules params, in which we pass in the rules_params_modifier function to the rules client as a callback and check for exceptions within that function (for example, if the existing tags array already contains the tag that the user wants to add).

I already started doing this implementation but would like to work on it on a separate PR, and get this PR merged up to its present scope.

Let me know what you think.

@jpdjere I really don't think we should implement skipping via throwing exceptions.

jpdjere added 23 commits December 1, 2022 15:33
@jpdjere
Add skipped rules to bulk edit api
89d85b8
@jpdjere
Updated toast message
8142b91 
Simplify return skipped rules

Add tests for rule params modifier

Extend Cypress tests

Refactored rule_params_modifier and add bulk edit response types

Add skipping logic for atrributes

Wire up changes in API

Add tests for should_skip_attributes
@jpdjere
Add multiple_actions integration tests
16de5af
@jpdjere
Refactored Cypress tests
8025c34
@jpdjere
Fix dataView e2e test
e769156 
Bulk edit test update

Update tests for retryIfBulkEditConflicts

Fix types

Correct number of rules to test

Extract out updateRuleAttributesInMemory

Refactor bulkEditOcc

Refactored types

Simplified skip_reason logic

Update client type
@jpdjere
Update ule_params_modifier.test.ts
36b36b9
@jpdjere
Update bulk_actions/route.test.ts
dbea04a 
[CI] Auto-commit changed files from 'node scripts/precommit_hook.js --ref HEAD~1..HEAD --fix'

Update retry_if_bulk_edit_conflicts and add coverage

WIP refactor bulk_edit.test.ts

WIP bulk_edit.test.ts

Correct beforeEach
@jpdjere
Extend bulk_edit.test.ts test coverage
c0ef8ff
@jpdjere
Expand integration test coverage
69ad42e 
[CI] Auto-commit changed files from 'node scripts/precommit_hook.js --ref HEAD~1..HEAD --fix'
@jpdjere
Updated tests
a506512
@jpdjere
Fix rules params modifier test
61a1aad
@jpdjere
Refactored explainBulkEditSuccess
4dcd290
@jpdjere
Addressed comments
8149300
@jpdjere
Expanded typing
9940d2b
@jpdjere
Reorganized types
47d1ff1
@jpdjere
Refactored pMap callback function
13320ce
@jpdjere
Updated tests to assert that bulkMarkApiKeysForInvalidation is not ca…
77d0e93 
…lled
@jpdjere
Adressed comments
1857a08
@jpdjere
Fix types
f779d88
@jpdjere
Expanded applyBulkEditOperation tests
c78a7a8
@jpdjere
Clarified variables names in test config
303120f
@jpdjere
Remove unnecessary type
2eb1200
@jpdjere
refactored bulk edit response types
181d69c
@jpdjere jpdjere force-pushed the update-bulk-edit-api-skipped-results branch from d8325be to 181d69c Compare December 1, 2022 14:33
@kibana-ci
Copy link
Collaborator

kibana-ci commented Dec 1, 2022
edited
Loading

💔 Build Failed

Failed CI Steps

Test Failures

  • [job] [logs] Jest Tests #15 / Perform bulk action route rule skipping returns 500 with skipped rules if some rules are skipped, but some errors are reported
  • [job] [logs] Jest Tests #15 / Perform bulk action route rule skipping returns partial failure error with skipped rules if some rule updates fail and others are skipped
  • [job] [logs] Jest Tests #15 / Perform bulk action route rules execution failures return error message limited to length of 1000, to prevent large response size
  • [job] [logs] Jest Tests #15 / Perform bulk action route rules execution failures returns error if disable rule throws error
  • [job] [logs] Jest Tests #15 / Perform bulk action route rules execution failures returns error if machine learning rule validation fails
  • [job] [logs] Jest Tests #15 / Perform bulk action route rules execution failures returns error if machine learning rule validation fails in dry run mode
  • [job] [logs] Jest Tests #15 / Perform bulk action route rules execution failures returns partial failure error if one if rules from ids params can`t be fetched
  • [job] [logs] Jest Tests #15 / Perform bulk action route rules execution failures returns partial failure error if update of few rules fail

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id before after diff
alerting 27 28 +1

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats comments for more detailed information.

id before after diff
alerting 408 413 +5

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
securitySolution 9.6MB 9.6MB +1.2KB

Public APIs missing exports

Total count of every type that is part of your API that should be exported but is not. This will cause broken links in the API documentation system. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats exports for more detailed information.

id before after diff
alerting 28 29 +1
Unknown metric groups

API count

id before after diff
alerting 417 422 +5

ESLint disabled in files

id before after diff
osquery 1 2 +1
securitySolution 77 76 -1
total -0

ESLint disabled line counts

id before after diff
enterpriseSearch 19 21 +2
fleet 59 65 +6
osquery 109 115 +6
securitySolution 442 448 +6
total +20

Total ESLint disabled count

id before after diff
enterpriseSearch 20 22 +2
fleet 68 74 +6
osquery 110 117 +7
securitySolution 519 524 +5
total +20

History

  • 💚 Build #92059 succeeded e0861b3355c78738b356a1a7cde81085740ea164
  • 💛 Build #90988 was flaky c5d1c86905c33df5c7fd2a6ad8a4793681e81ae0
  • 💛 Build #90600 was flaky 99e41f7aee0fad3e9d9fd6508de76e40641977c3
  • 💛 Build #90336 was flaky 52f7758e3932a300bfd89b06d3253fcee81bf25d

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @jpdjere

@banderror banderror linked an issue Dec 2, 2022 that may be closed by this pull request
[Security Solution] Extend bulk edit rules API to return skipped rules in response #145093
Closed
@spong spong mentioned this pull request Dec 12, 2022
Merged
7 tasks
@jpdjere
Copy link
Contributor Author

jpdjere commented Dec 12, 2022

Closing in favour of #147345 after ResponseOps refactored rules_client

@jpdjere jpdjere closed this Dec 12, 2022
banderror pushed a commit to elastic/security-docs that referenced this pull request Jan 4, 2023
@jpdjere
Document the new skipped response parameter of the _bulk_action endpo…
d4ddb81 
…int (#2731)

Relates to: #2684

Feature tickets:  elastic/kibana#145093 elastic/kibana#139802

Implemented in PR: elastic/kibana#144461
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@banderror banderror banderror left review comments

@dplumlee dplumlee dplumlee approved these changes

@maximpn maximpn maximpn approved these changes

Assignees

@jpdjere jpdjere

Labels
ci:cloud-deploy Create or update a Cloud deployment enhancement New value added to drive a business result release_note:enhancement Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v8.7.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Security Solution] Extend bulk edit rules API to return skipped rules in response
6 participants
@jpdjere @elasticmachine @banderror @kibana-ci @maximpn @dplumlee