[Security Solution] DetectionRulesClient refactoring. Part 2
#184364
Assignees
Labels
8.16 candidate
Feature:Rule Management
Security Solution Detection Rule Management
refactoring
Team:Detection Rule Management
Security Detection Rule Management Team
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
v8.15.0
v8.16.0
Comments
xcrzx
added
refactoring
Feature:Detection Rules
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
|
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management) |
banderror
added
Feature:Rule Management
|
@nikitaindik I also noticed that we don't provide correct APM spans inside our client. We need to wrap every client method in |
|
Opened a PR that renames |
nikitaindik
added a commit
that referenced
this issue
Jun 3, 2024
…Client` (#184598) **Partially addresses: #184364 ## Summary As a first step in refactoring our newly added `rulesManagementClient`, we are renaming it from `rulesManagementClient` to `detectionRulesClient`. `rulesManagementClient` looks and sounds too similar to a long existing `rulesClient`, so it can be confusing to new devs or anyone quickly digging through the code. This PR just updates the name. Other refactorings will be arriving in the upcoming PRs.
nikitaindik
changed the title
DetectionRulesClient refactoring. Part 2
nikitaindik
added a commit
that referenced
this issue
Jun 6, 2024
…nd add APM spans (#184820) **Partially addresses: #184364 ## Summary This PR is second step in refactoring our newly added `detectionRulesClient`. Changes in this PR: - every public method was extracted into its own file for readability - `_createRule`, `_updateRule`, `_patchRule` and `_upgradePrebuiltRuleWithTypeChange` private methods were removed, their code inlined into the public methods - `toggleRuleEnabledOnUpdate`, `validateMlAuth` and `ClientError` were moved to `utils.ts` - methods are now wrapped in `withSecuritySpan` to report perf stats to APM - renamed `*.rules_management_client.test.ts` -> `*.detection_rules_client.test.ts` - now using the whole `detectionRulesClient` in tests, not just separate methods - simplified parameters of `createDetectionRulesClient`. Now 2 parameters are needed instead of 5, **DetectionRulesClient method showing up in APM** <img width="918" alt="Schermafbeelding 2024-06-05 om 14 00 36" src="https://github.com/elastic/kibana/assets/15949146/c8b469f7-9d0b-4534-a1c9-f35327ec2c4c"> **Extracted methods** Upon reviewing the private methods in `detection_rules_client.ts`, it became apparent that extracting these methods into separate files may not be the most effective approach to improve readability. The primary reason is that these private methods do not provide clear abstractions, making them difficult to name appropriately. Take `_updateRule` as an example. This method combines an existing rule with a rule update to create an InternalRuleUpdate object, which is then passed to `rulesClient.update`. If we were to extract this into a separate file, we would need to import it for use in the public `updateRule` method. This would result in an `updateRule` method that calls `_updateRule`, creating confusion about what the inner `_updateRule` does. Also, extracting only private methods does not significantly improve readability, as these methods do not contain a large amount of code. So I ended up inlining the code from most of these private methods directly into the public methods.
banderror
added a commit
that referenced
this issue
Jun 7, 2024
…4954) **Partially addresses: #184364 ## Summary This PR contains various smaller-scale refactorings for the recently added `DetectionsRuleClient`. **Changes**: - Renamed `DetectionRulesClient` containing directory from `rule_management` to `detection_rules_client` - Moved `DetectionRulesClient` methods into the `detection_rules_client/methods` dir - Moved the TS interface of `DetectionRulesClient` into a separate file `detection_rules_client_interface.ts` - Simplified `importRule` method parameters - Added memoization to `getDetectionRulesClient` --------- Co-authored-by: Georgii Gorbachev <[email protected]>
eokoneyo
pushed a commit
to eokoneyo/kibana
that referenced
this issue
Jun 13, 2024
…stic#184954) **Partially addresses: elastic#184364 ## Summary This PR contains various smaller-scale refactorings for the recently added `DetectionsRuleClient`. **Changes**: - Renamed `DetectionRulesClient` containing directory from `rule_management` to `detection_rules_client` - Moved `DetectionRulesClient` methods into the `detection_rules_client/methods` dir - Moved the TS interface of `DetectionRulesClient` into a separate file `detection_rules_client_interface.ts` - Simplified `importRule` method parameters - Added memoization to `getDetectionRulesClient` --------- Co-authored-by: Georgii Gorbachev <[email protected]>
nikitaindik
added a commit
that referenced
this issue
Jun 18, 2024
…m `createCustomRule` and `createPrebuiltRule` (#185748) **Partially addresses: #184364 ## Summary This PR changes `createCustomRule` and `createPrebuiltRule` methods to return `RuleResponse` instead of `RuleAlertType`. This is a continuation of the effort to improve `DetectionRulesClient`. As a part of it we want to make the client return `RuleResponse` from all its public methods. This is good because it lets us hide rule's internal structure and centralise conversions in one place – in the client. So in this and upcoming PRs we are going to convert `RuleAlertType` to `RuleResponse` within the client's methods and return the `RuleResponse` object.
bhapas
pushed a commit
to bhapas/kibana
that referenced
this issue
Jun 18, 2024
…m `createCustomRule` and `createPrebuiltRule` (elastic#185748) **Partially addresses: elastic#184364 ## Summary This PR changes `createCustomRule` and `createPrebuiltRule` methods to return `RuleResponse` instead of `RuleAlertType`. This is a continuation of the effort to improve `DetectionRulesClient`. As a part of it we want to make the client return `RuleResponse` from all its public methods. This is good because it lets us hide rule's internal structure and centralise conversions in one place – in the client. So in this and upcoming PRs we are going to convert `RuleAlertType` to `RuleResponse` within the client's methods and return the `RuleResponse` object.
nikitaindik
added a commit
that referenced
this issue
Jun 21, 2024
…m all methods (#186179) **Partially addresses: #184364 ## Summary This PR is a follow-up to [PR #185748](#185748) and it converts the remaining `DetectionRulesClient` methods to return `RuleResponse`. Changes in this PR: - These methods now return `RuleResponse` instead of internal `RuleAlertType` type: - `updateRule` - `patchRule` - `upgradePrebuiltRule` - `importRule`
bhapas
pushed a commit
to bhapas/kibana
that referenced
this issue
Jun 24, 2024
…m all methods (elastic#186179) **Partially addresses: elastic#184364 ## Summary This PR is a follow-up to [PR elastic#185748](elastic#185748) and it converts the remaining `DetectionRulesClient` methods to return `RuleResponse`. Changes in this PR: - These methods now return `RuleResponse` instead of internal `RuleAlertType` type: - `updateRule` - `patchRule` - `upgradePrebuiltRule` - `importRule`
|
Hey @xcrzx! I've just changed the assignee to you since you are taking over the leftover work. |
14 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Epics: https://github.com/elastic/security-team/issues/1974 (internal), #174168
Follow-up to: #180128
Summary
We need to finalize the
DetectionRulesClient(formerly known asRulesManagementClient) refactoring and address the remaining comments left after the initial PR: #182802.PRs
PR 1 (merged)
DetectionRulesClientPR 2 (merged)
withSecuritySpan(comment)_) outside of the main client implementation for better code readability.PR 3 (merged)
DetectionRulesClientcontaining directory fromrule_managementtodetection_rules_clientDetectionRulesClientmethods into thedetection_rules_client/methodsdirDetectionRulesClientinto a separate filedetection_rules_client_interface.tsimportRulemethod parametersgetDetectionRulesClientPR 4 (merged)
PrebuiltRuleAssettype withRuleCreatePropsandRulePatchPropsinupgradePrebuiltRuleandcreatePrebuiltRuleRuleAlertTypefromRulesManagementClient(see this comment). Transition to returningRuleResponsefor these methods:createCustomRuleandcreatePrebuiltRulePR 5 (merged)
RuleAlertTypefromRulesManagementClient(see this comment). Transition to returningRuleResponsefor the remaining methods:updateRule,patchRule,deleteRule,upgradePrebuiltRuleandimportRule.toggleRuleEnabledOnUpdatereturnenabledand then use it in return valueupgradePrebuiltRuleenable behaviour - there might be a bug (place in code). Check if we need to explicitly toggle "enabled" on upgrade.PR 6 (in review)
rule_management/normalization/rule_converters) inside the new rules management client. Check how the converters are used outside the client to see if we can encapsulate them inside the client.RuleResponseand throws an error into a function (comment)Left to do
Leftovers moved to #187656.
The text was updated successfully, but these errors were encountered: