[Security Solution] Remove extra data structures in create/edit rule forms #157749
Conversation
…-ref HEAD~1..HEAD --fix'
…-ref HEAD~1..HEAD --fix'
marshallmain
added
Team:Detections and Resp
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
marshallmain
added
release_note:skip
There was a problem hiding this comment.
@marshallmain Thank you for the long awaited refactoring 🙏 It made the rule's form much cleaner and it's a great step towards simplicity.
Tested locally and it seems working fine though I haven't performed complex manual testing scenarios.
It's clear that some code is just coming through but there is no hard to improve it a bit. As it doesn't look critical I approve the PR and it's up to you to react on the nit comments.
x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/pages/form.tsx
Outdated
Show resolved
Hide resolved
x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/pages/form.tsx
Outdated
Show resolved
Hide resolved
x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/pages/form.tsx
Outdated
Show resolved
Hide resolved
...ins/security_solution/public/detection_engine/rule_creation_ui/pages/rule_creation/index.tsx
Outdated
Show resolved
Hide resolved
| /> | ||
| <div | ||
| style={{ | ||
| display: activeStep === RuleStep.defineRule ? undefined : 'none', |
There was a problem hiding this comment.
I'm curious if there is already an utility component or something exposed by EUI (I wasn't able to find it in the docs) to improve readability. Something like
<DisplayOnCondition visible={activeStep === RuleStep.defineRule}>
...
</DisplayOnCondition>
or it could be a component specific for this functionality only accepting a step name.
...ins/security_solution/public/detection_engine/rule_creation_ui/pages/rule_creation/index.tsx
Outdated
Show resolved
Hide resolved
...ins/security_solution/public/detection_engine/rule_creation_ui/pages/rule_creation/index.tsx
Outdated
Show resolved
Hide resolved
| </StepContentWrapper> | ||
| ); | ||
| }; | ||
| export const StepAboutRuleReadOnly = memo(StepAboutRuleReadOnlyComponent); |
There was a problem hiding this comment.
I see memo() utility is used for the other steps as well though it's unclear if it does a real performance improvement it's here just "in case".
There was a problem hiding this comment.
++ I think only a shallow comparison is being made, so it the props may nullify the memo each time.
There was a problem hiding this comment.
Yeah I haven't checked to see if we're getting a benefit here or not - the forms lib doesn't seem great about providing the same object on each render so defaultValues might be changing a lot and taking away the memo benefits. But, the "Read only" view was memoized before when it was combined with the edit component, so I just memoized it here to keep the behavior as similar as possible.
I have another branch where I was working on improving the memoization around the create rules page, but I wasn't seeing a noticeable difference in user experience so I shelved it to work on this refactor instead. But, it could be worth picking it up again next.
…-ref HEAD~1..HEAD --fix'
| it('Shows validation error on rule edit when saved query can not be loaded', function () { | ||
| // TODO: this error depended on the schema validation running. Can we show the error | ||
| // based on the saved query failing to load instead of relying on the schema validation? | ||
| it.skip('Shows validation error on rule edit when saved query can not be loaded', function () { |
There was a problem hiding this comment.
Can you create an issue to record this as being skipped if we're unable to skip it before merging?
| </StepContentWrapper> | ||
| ); | ||
| }; | ||
| export const StepAboutRuleReadOnly = memo(StepAboutRuleReadOnlyComponent); |
There was a problem hiding this comment.
++ I think only a shallow comparison is being made, so it the props may nullify the memo each time.
There was a problem hiding this comment.
This is a much awaited refactor! LGTM! I pulled down to test creating and editing rules. I tried to fill out pretty much every field to test it out. All seemed good. There's some existing validation bugs with the actions section but unrelated to any of these changes.
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]Module Count
Async chunks
Unknown metric groupsESLint disabled line counts
References to deprecated APIs
Total ESLint disabled count
History
To update your PR or re-run it, just comment with: |
**Addresses:** #159349 ## Summary This PR fixes and re-enables rule snoozing Cypress test `Rule editing page / actions tab - adds an action to a snoozed rule`. ## Details Basically the test wasn't flaky it just failed on the `main` branch and was skipped. The cause lays in interlacing [Rule snooze tests PR](#158195) with [Rule Editing page refactoring PR](#157749). Two PRs were merged independently to the `main` branch (while the tests PR was merged the last) so combining them lead to a test failure while each one separately didn't cause any problems. ### The root cause The root cause is in a combination of factors. [useForm](https://github.com/elastic/kibana/blob/main/src/plugins/es_ui_shared/static/forms/hook_form_lib/hooks/use_form.ts#L33) hook has a flaw it can't update its state when new `defaultValue` comes in. The same issue also in [useField](https://github.com/elastic/kibana/blob/main/src/plugins/es_ui_shared/static/forms/hook_form_lib/hooks/use_field.ts#L77) hook. Rule Editing page fetched a fresh rule's data every time it's rendered via [useRule](https://github.com/elastic/kibana/blob/main/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/pages/rule_editing/index.tsx#L581). As `useRule` hook is based on `React Query` it returns stale data during the first render while firing an HTTP request for the fresh data. Obviously the problem happens if the stale data is passed to `useForm` hook as `defaultValue` and when fresh data is fetched and passed again to `useForm` hook the latter just ignores it. Staying longer on the Rule Details page helps to avoid the problem as fetched rule's data is cached and returned as stale data on the Rule Editing page after transition. As stale and fresh data are the same the test would pass. Anyway this behaviour can be reproduced in prod with a slow internet connection. ### What was done to fix the problem? Functionality has been added to update the cached rule's data (React Query cache) upon mutation successful update rule mutation. The mutation if fired by pressing "Save changes" button on the Rule Editing page. It is possible as update rule endpoint returns an updated rule in its response. Along the way it turned out update rule endpoint's and read rule endpoint's responses weren't properly typed so it lead to types mismatch. To fix it `updateRule`'s and `UseMutationOptions`'s return types were changed to `Rule` instead of `RuleResponse`. ### Misc Along the way it turned out `cy.get(RULE_INDICES).should('be.visible');` isn't required anymore to access rule actions form.
…163050) ## Summary Original ticket: #159060 This PR un-skips test which was disabled after the Rule Editing page [refactoring](#157749). There we stopped fields validation on page loading. To be able to show the "failed to load saved query" error on page loading we force the field validation when we failed to load a saved query.
Summary
This PR refactors the forms used by the Detection Engine create and edit rule pages. The existing forms have a lot of complexity in how data is managed: each of the 4 steps (Define, About, Schedule, and Actions) map to a separate component, and these individual components own the form for that step. However, some steps have dependencies on data in other steps. In addition, Rule Preview and submitting the rule to the API require the data from all steps. To resolve this, I moved the form ownership from the individual step components to the Create/Edit Rule page components and passed the appropriate form into each individual step component.
With the forms owned at the Page level, many of the additional data structures we previously needed to pass form data around are no longer necessary.
Removed
formHooks,setFormHooks- These hooks were used to let step components pass the form'svalidatefunction back up to the Page component. With the forms created in the Page component, thevalidatefunctions are available without additional structures.stepsData,setStepsData- This data structure held the form data from each step and the validation status. We now use the live form data throughuseFormDatawithout additional sidecar data structures.defineRuleData/aboutRuleData/scheduleRuleData- Sidecar data structures for rule preview, also held the form data from each step. We now use the live form data throughuseFormDatawithout additional sidecar data structures.Simplified
editStep()no longer relies onformHookssubmitStep()no longer relies onformHookswatchandonChangeconfigurationsKey Implementation Notes
In order for
useFormDatato be reliable, the forms for all steps must stay in the DOM at all times while on the Create/Edit pages. Thus the "read only" view has been separated from the editable view, and the visibility of each view is toggled by hiding elements with CSS rather than removing them from the DOM.If the form were to be removed from the DOM when switching to a read only view, the values from
useFormDatawould reset to the default values so we would need a sidecar object to hold the form values when the form is not rendered. It would also require re-loading the values from the sidecar into the form when the form gets re-added to the DOM. Keeping the form in the DOM at all times allows us to rely onuseFormDataconsistently, which simplifies the data model.Bug Fixes