Skip to content

Commit

Permalink
[Security Solution] Remove warning for rule filter (elastic#201776)
Browse files Browse the repository at this point in the history
**Resolves: elastic#178908**

## Summary

This PR fixes a warning displayed for the rule when certain filter is
present.
I followed the suggestion from @nikitaindik in the original ticket and
pulled his fix and tested that it works, but it also needed some
modification borrowed from QueryBar component, namely to update the
filters before displaying the FilterItems component.

Note: This PR only covers the Rule Creation / Rules Details page. Two
new tickets have been created to cover issues found in other places:
elastic#203600 and elastic#203615

# BEFORE
<img width="899" alt="image"
src="https://github.com/user-attachments/assets/62b300b4-bc70-481f-8042-dc9d7c4b3ff0">

# AFTER
<img width="901" alt="image"
src="https://github.com/user-attachments/assets/6c2915f8-e2e1-477d-bf6c-4ededf1a6907">

### Checklist

Check the PR satisfies following conditions.

Reviewers should verify this PR satisfies this list as well.

- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed

---------

Co-authored-by: Nikita Indik <[email protected]>
(cherry picked from commit 2e3a748)

# Conflicts:
#	x-pack/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/rule_definition_section.tsx
#	x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management/components/rule_details/three_way_diff/final_edit/fields/hooks/use_data_view.ts
  • Loading branch information
jkelas committed Dec 18, 2024
1 parent 603a4ce commit d5a28b1
Show file tree
Hide file tree
Showing 2 changed files with 89 additions and 12 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
* 2.0.
*/

import React from 'react';
import React, { useMemo } from 'react';
import { isEmpty } from 'lodash/fp';
import {
EuiDescriptionList,
Expand All @@ -23,8 +23,8 @@ import type {
import type { Filter } from '@kbn/es-query';
import type { SavedQuery } from '@kbn/data-plugin/public';
import { mapAndFlattenFilters } from '@kbn/data-plugin/public';
import type { DataView } from '@kbn/data-views-plugin/public';
import { FilterItems } from '@kbn/unified-search-plugin/public';
import { isDataView } from '../../../../common/components/query_bar';
import type {
AlertSuppressionMissingFieldsStrategy,
RequiredFieldArray,
Expand All @@ -39,8 +39,6 @@ import { AlertSuppressionLabel } from '../../../rule_creation_ui/components/desc
import { useGetSavedQuery } from '../../../../detections/pages/detection_engine/rules/use_get_saved_query';
import * as threatMatchI18n from '../../../../common/components/threat_match/translations';
import * as timelinesI18n from '../../../../timelines/components/timeline/translations';
import { useRuleIndexPattern } from '../../../rule_creation_ui/pages/form';
import { DataSourceType } from '../../../../detections/pages/detection_engine/rules/types';
import type { Duration } from '../../../../detections/pages/detection_engine/rules/types';
import { convertHistoryStartToSize } from '../../../../detections/pages/detection_engine/rules/helpers';
import { MlJobsDescription } from '../../../rule_creation/components/ml_jobs_description/ml_jobs_description';
Expand All @@ -59,6 +57,7 @@ import {
} from './rule_definition_section.styles';
import { getQueryLanguageLabel } from './helpers';
import { useDefaultIndexPattern } from './use_default_index_pattern';
import { useDataView } from './three_way_diff/final_edit/fields/hooks/use_data_view';

interface SavedQueryNameProps {
savedQueryName: string;
Expand All @@ -83,16 +82,34 @@ export const Filters = ({
index,
'data-test-subj': dataTestSubj,
}: FiltersProps) => {
const flattenedFilters = mapAndFlattenFilters(filters);

const defaultIndexPattern = useDefaultIndexPattern();
const useDataViewParams = dataViewId
? { dataViewId }
: { indexPatterns: index ?? defaultIndexPattern };
const { dataView } = useDataView(useDataViewParams);
const isEsql = filters.some((filter) => filter?.query?.language === 'esql');
const searchBarFilters = useMemo(() => {
if (!index || isDataView(index) || isEsql) {
return filters;
}
const filtersWithUpdatedMetaIndex = filters.map((filter) => {
return {
...filter,
meta: {
...filter.meta,
index: index.join(','),
},
};
});

const { indexPattern } = useRuleIndexPattern({
dataSourceType: dataViewId ? DataSourceType.DataView : DataSourceType.IndexPatterns,
index: index ?? defaultIndexPattern,
dataViewId,
});
return filtersWithUpdatedMetaIndex;
}, [filters, index, isEsql]);

if (!dataView) {
return null;
}

const flattenedFilters = mapAndFlattenFilters(searchBarFilters);
const styles = filtersStyles;

return (
Expand All @@ -103,7 +120,7 @@ export const Filters = ({
responsive={false}
gutterSize="xs"
>
<FilterItems filters={flattenedFilters} indexPatterns={[indexPattern as DataView]} readOnly />
<FilterItems filters={flattenedFilters} indexPatterns={[dataView]} readOnly />
</EuiFlexGroup>
);
};
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,60 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import { useEffect, useState } from 'react';
import type { DataView } from '@kbn/data-views-plugin/common';
import { useKibana } from '../../../../../../../../common/lib/kibana';

export type UseDataViewParams =
| { indexPatterns: string[]; dataViewId?: never }
| { indexPatterns?: never; dataViewId: string };

interface UseDataViewResult {
dataView: DataView | undefined;
isLoading: boolean;
}

export function useDataView(indexPatternsOrDataViewId: UseDataViewParams): UseDataViewResult {
const {
data: { dataViews: dataViewsService },
} = useKibana().services;
const [dataView, setDataView] = useState<DataView | undefined>();
const [isLoading, setIsLoading] = useState(false);

useEffect(() => {
setIsLoading(true);

(async () => {
try {
if (indexPatternsOrDataViewId.indexPatterns) {
const indexPatternsDataView = await dataViewsService.create({
title: indexPatternsOrDataViewId.indexPatterns.join(','),
id: indexPatternsOrDataViewId.indexPatterns.join(','),
allowNoIndex: true,
});

setDataView(indexPatternsDataView);
return;
}

if (indexPatternsOrDataViewId.dataViewId) {
const ruleDataView = await dataViewsService.get(indexPatternsOrDataViewId.dataViewId);

setDataView(ruleDataView);
}
} finally {
setIsLoading(false);
}
})();
}, [
dataViewsService,
indexPatternsOrDataViewId.indexPatterns,
indexPatternsOrDataViewId.dataViewId,
]);

return { dataView, isLoading };
}

0 comments on commit d5a28b1

Please sign in to comment.