[TGrid] Alerts status update use RBAC api by semd · Pull Request #108092 · elastic/kibana

semd · 2021-08-10T19:09:00Z

Summary

Call RBAC alerts bulk update endpoint from the tGrid status bulk update. It is used in 3 different places:

Bulk status update
Single status update from table row
SIngle status update from flyout

ℹ️- Currently allowing both in-progress and acknowledged status. The in-progress status will need to be cleaned in the status field migration.

Checklist

Delete any items that are not applicable to this PR.

Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n support
Unit or functional tests were updated or added to match the most common scenarios
Any UI touched in this PR is usable by keyboard only (learn more about keyboard accessibility)

…s and adds logic for switching between signal.status and workflow status when updating alerts in .siem-signals

… to use WORKFLOW_STATUS instead of ALERT_STATUS

…dtion to KQL string

adds replace ALERT_STATUS with ALERT_WORKFLOW_STATUS and updates tests and adds logic for switching between signal.status and workflow status when updating alerts in .siem-signals

…s-rbac-update

…hz properties

…us' and not { signals: {status }} in alerts client

optionally use fields api in requests if _source does not contain authz properties

…emd/kibana into tgrid-bulk-actions-rbac-update

…s-rbac-update

michaelolo24 · 2021-08-13T11:24:29Z

 } as const;
 export type AlertConsumers = typeof AlertConsumers[keyof typeof AlertConsumers];
-export type STATUS_VALUES = 'open' | 'acknowledged' | 'closed';
+export type STATUS_VALUES = 'open' | 'acknowledged' | 'closed' | 'in-progress'; // TODO: remove 'in-progress' after migration to 'acknowledged'


@dplumlee - just pinging you here since you're working on these changes

michaelolo24 · 2021-08-13T11:36:37Z

-      return buildEsQuery(
+      let esQuery;
+      if (id != null) {
+        esQuery = { query: `_id:${id}`, language: 'kuery' };


It could be helpful to have a comment here describing how these different scenarios happen

michaelolo24 · 2021-08-13T11:41:09Z

+              status: t.union([
+                t.literal('open'),
+                t.literal('closed'),
+                t.literal('in-progress'), // TODO: remove after migration to acknowledged


michaelolo24 · 2021-08-13T11:41:19Z

+              status: t.union([
+                t.literal('open'),
+                t.literal('closed'),
+                t.literal('in-progress'), // TODO: remove after migration to acknowledged


jasonrhodes · 2021-08-13T12:41:34Z

FWIW I've been attempting to do some type safe "workflow_status" migration updates in an existing PR that I'm hoping to get in today before I leave.

…test fix a bug where we were not waiting for updates to complete when usin…

…s-rbac-update

michaelolo24

Tested again, works great and thanks for taking care of all of those changes! 💪🏾

Co-authored-by: Devin Hurley <devin.hurley@elastic.co>

kibanamachine · 2021-08-14T02:14:27Z

💚 Backport successful

Status	Branch	Result
✅	7.x

This backport PR will be merged automatically after passing CI.

Co-authored-by: Devin Hurley <devin.hurley@elastic.co> Co-authored-by: Sergi Massaneda <sergi.massaneda@elastic.co> Co-authored-by: Devin Hurley <devin.hurley@elastic.co>

kibanamachine · 2021-08-18T22:41:51Z

💚 Build Succeeded

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id	before	after	diff
`timelines`	246	312	+66

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
`securitySolution`	6.5MB	6.5MB	+264.0B
`timelines`	308.7KB	391.5KB	+82.8KB
total			+83.0KB

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id	before	after	diff
`timelines`	309.5KB	309.8KB	+346.0B

Unknown metric groups

References to deprecated APIs

id	before	after	diff
`timelines`	76	78	+2

History

💚 Build #145364 succeeded 36680b4
💚 Build #145347 succeeded 5a09258
💔 Build #145307 failed d5c29fa
💔 Build #145273 failed ca20b19
💔 Build #145143 failed 8138fb6

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @dhurley14 @semd

semd added 2 commits August 10, 2021 21:06

use rac alerts bulk_update

49ebd28

cleanup

74e64b1

semd changed the title ~~[TGrid] RAC alerts bulk update endpoint~~ WIP [TGrid] RAC alerts bulk update endpoint Aug 11, 2021

jasonrhodes mentioned this pull request Aug 11, 2021

[RAC] 7.15 Observability Checklist #107933

Closed

52 tasks

michaelolo24 mentioned this pull request Aug 11, 2021

[Security Solution][RAC] - 7.15 Checklist #108071

Closed

48 tasks

peluja1012 mentioned this pull request Aug 11, 2021

[RAC] [Alerts] [RBAC] #95721

Closed

13 tasks

dhurley14 and others added 13 commits August 11, 2021 17:54

adds replace ALERT_STATUS with ALERT_WORKFLOW_STATUS and updates test…

73b97e3

…s and adds logic for switching between signal.status and workflow status when updating alerts in .siem-signals

allow object and string types in query param, fixed single update api…

d6094df

… to use WORKFLOW_STATUS instead of ALERT_STATUS

adds additional integration test for when query is a DSL object in ad…

1a7cfd4

…dtion to KQL string

merge master

ec8ada3

Merge branch 'tgrid-bulk-actions-rbac-update' into fix-bulk-update-api

f82720b

Merge pull request #1 from dhurley14/fix-bulk-update-api

18e1f8b

adds replace ALERT_STATUS with ALERT_WORKFLOW_STATUS and updates tests and adds logic for switching between signal.status and workflow status when updating alerts in .siem-signals

Merge remote-tracking branch 'upstream/master' into tgrid-bulk-action…

f91de3f

…s-rbac-update

optionally use fields api in requests if _source does not contain aut…

cae0960

…hz properties

integrate bulk update to all hook calls

918c4bd

adds fields support, fixes bug where we were writing to 'signals.stat…

7cbec10

…us' and not { signals: {status }} in alerts client

Merge pull request #2 from dhurley14/sergi_hotfix_bulk_update

dab6006

optionally use fields api in requests if _source does not contain authz properties

Merge branch 'tgrid-bulk-actions-rbac-update' of https://github.com/s…

120029e

…emd/kibana into tgrid-bulk-actions-rbac-update

clean up and fixes

7ef80cf

semd marked this pull request as ready for review August 12, 2021 17:34

semd requested review from a team as code owners August 12, 2021 17:34

semd changed the title ~~WIP [TGrid] RAC alerts bulk update endpoint~~ [TGrid] RAC alerts bulk update endpoint Aug 12, 2021

semd assigned dhurley14 and semd Aug 12, 2021

semd added v7.15.0 v8.0.0 release_note:skip Skip the PR/issue when compiling release notes auto-backport Deprecated - use backport:version if exact versions are needed Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. labels Aug 12, 2021

FrankHassanabad reviewed Aug 12, 2021

View reviewed changes

Comment thread x-pack/test/functional/es_archives/rule_registry/alerts/data.json Outdated

FrankHassanabad reviewed Aug 12, 2021

View reviewed changes

Comment thread x-pack/test/rule_registry/security_and_spaces/tests/basic/bulk_update_alerts.ts

semd added 3 commits August 13, 2021 11:42

take index name from ecsData props

1710bf3

Merge remote-tracking branch 'upstream/master' into tgrid-bulk-action…

22a85ea

…s-rbac-update

pr suggestions

8138fb6