
[7.x] [Security Solution][Endpoint]Activity Log API/UX changes (#114905)#115492

Merged
kibanamachine merged 2 commits into elastic:7.x from kibanamachine:backport/7.x/pr-114905
Oct 19, 2021
Conversation

@kibanamachine
Contributor

Backports the following commits to 7.x:

- [Security Solution][Endpoint]Activity Log API/UX changes (#114905)

* rename legacy actions/responses

fixes elastic/security-team/issues/1702

* use correct name for responses index

refs elastic/pull/113621

* extract helper method to utils

* append endpoint responses docs to activity log

* Show completed responses on activity log

fixes elastic/security-team/issues/1703

* remove width restriction on date picker

* add a simple test to verify endpoint responses

fixes elastic/security-team/issues/1702

* find unique action_ids from `.fleet-actions` and `.logs-endpoint.actions-default` indices

fixes elastic/security-team/issues/1702

* do not filter out endpoint only actions/responses that did not make it to Fleet

review comments

* use a constant to manage various doc types

review comments

* refactor `getActivityLog`

Simplify `getActivityLog` so it is easier to reason with.
review comments

* skip this for now

will mock this better in a new PR

* improve types

* display endpoint actions similar to fleet actions, but with success icon color

* Correctly do mocks for tests

* Include only errored endpoint actions, remove successful duplicates

fixes elastic/security-team/issues/1703

* Update tests to use non duplicate action_ids

review comments
fixes elastic/security-team/issues/1703

* show correct action title

review fixes

* statusCode constant

review change

* rename

review changes

* Update translations.ts

refs elastic@74a8340

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
@kibanamachine kibanamachine added the backport This PR is a backport of another PR label Oct 19, 2021
@kibanamachine kibanamachine enabled auto-merge (squash) October 19, 2021 03:30
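The commit list above describes the merge rule the backport implements: collect the unique `action_id`s from `.fleet-actions` and `.logs-endpoint.actions-default`, append the endpoint-side response docs to the activity log, keep endpoint-only actions/responses that never reached Fleet, and keep endpoint docs that errored while dropping successful duplicates of what Fleet already recorded. The following is an added illustration of that rule, not Kibana's own `getActivityLog` code: the document shapes (`FleetDoc`, `EndpointDoc`), the field names, the `ActivityLogItemTypes` constant and the "keep if errored or endpoint-only" reading of the commit messages are assumptions made for this example, and the sample documents are constructed.

```typescript
// Added illustration (not Kibana's code): merge Fleet-side and endpoint-side
// action/response documents into one activity log, keyed by action_id.
// Doc shapes and field names below are assumptions for this example only.

const ActivityLogItemTypes = {
  ACTION: 'action',
  RESPONSE: 'response',
  FLEET_ACTION: 'fleetAction',
  FLEET_RESPONSE: 'fleetResponse',
} as const;

type ItemType = (typeof ActivityLogItemTypes)[keyof typeof ActivityLogItemTypes];

// Assumed shape of a doc written by Fleet (actions and their results).
interface FleetDoc {
  action_id: string;
  '@timestamp': string;
  agent_id: string;
  command?: string; // set on actions
  error?: string;   // set on failed responses
}

// Assumed shape of a doc written by the endpoint itself (actions and responses).
interface EndpointDoc {
  EndpointActions: { action_id: string; command?: string };
  agent: { id: string };
  '@timestamp': string;
  error?: { message: string };
}

interface ActivityLogEntry {
  type: ItemType;
  action_id: string;
  timestamp: string;
  agent_id: string;
  command?: string;
  error?: string;
}

interface ActivityLogSources {
  fleetActions: FleetDoc[];
  endpointActions: EndpointDoc[];
  fleetResponses: FleetDoc[];
  endpointResponses: EndpointDoc[];
}

// Unique action_ids across both action indices (Fleet and endpoint).
function uniqueActionIds(fleet: FleetDoc[], endpoint: EndpointDoc[]): Set<string> {
  const ids = new Set<string>();
  for (const d of fleet) ids.add(d.action_id);
  for (const d of endpoint) ids.add(d.EndpointActions.action_id);
  return ids;
}

function fromFleet(d: FleetDoc, type: ItemType): ActivityLogEntry {
  return { type, action_id: d.action_id, timestamp: d['@timestamp'], agent_id: d.agent_id, command: d.command, error: d.error };
}

function fromEndpoint(d: EndpointDoc, type: ItemType): ActivityLogEntry {
  return { type, action_id: d.EndpointActions.action_id, timestamp: d['@timestamp'], agent_id: d.agent.id, command: d.EndpointActions.command, error: d.error?.message };
}

// Fleet docs are always kept. An endpoint doc is kept only if it errored (so the
// failure stays visible) or if Fleet never recorded its action_id (an endpoint-only
// action/response); a successful endpoint duplicate of a Fleet doc is dropped.
function mergeByActionId(fleet: FleetDoc[], endpoint: EndpointDoc[], fleetType: ItemType, endpointType: ItemType): ActivityLogEntry[] {
  const fleetIds = new Set(fleet.map((d) => d.action_id));
  const entries = fleet.map((d) => fromFleet(d, fleetType));
  for (const d of endpoint) {
    if (d.error !== undefined || !fleetIds.has(d.EndpointActions.action_id)) entries.push(fromEndpoint(d, endpointType));
  }
  return entries;
}

function getActivityLog(src: ActivityLogSources): ActivityLogEntry[] {
  const entries = [
    ...mergeByActionId(src.fleetActions, src.endpointActions, ActivityLogItemTypes.FLEET_ACTION, ActivityLogItemTypes.ACTION),
    ...mergeByActionId(src.fleetResponses, src.endpointResponses, ActivityLogItemTypes.FLEET_RESPONSE, ActivityLogItemTypes.RESPONSE),
  ];
  // ISO-8601 UTC timestamps order correctly as strings; newest first.
  return entries.sort((a, b) => (a.timestamp < b.timestamp ? 1 : a.timestamp > b.timestamp ? -1 : 0));
}

// Constructed sample documents for one agent and three isolate actions:
//   a1: reached Fleet and endpoint, both succeeded -> one fleetAction, one fleetResponse
//   a2: endpoint only, never reached Fleet         -> action + response from the endpoint
//   a3: reached both, endpoint reported an error   -> Fleet entries plus the errored endpoint entries
const AGENT = 'agent-1';
const sampleSources: ActivityLogSources = {
  fleetActions: [
    { action_id: 'a1', '@timestamp': '2021-10-18T10:00:00.000Z', agent_id: AGENT, command: 'isolate' },
    { action_id: 'a3', '@timestamp': '2021-10-18T10:02:00.000Z', agent_id: AGENT, command: 'isolate' },
  ],
  endpointActions: [
    { EndpointActions: { action_id: 'a1', command: 'isolate' }, agent: { id: AGENT }, '@timestamp': '2021-10-18T10:00:01.000Z' },
    { EndpointActions: { action_id: 'a2', command: 'isolate' }, agent: { id: AGENT }, '@timestamp': '2021-10-18T10:01:00.000Z' },
    { EndpointActions: { action_id: 'a3', command: 'isolate' }, agent: { id: AGENT }, '@timestamp': '2021-10-18T10:02:01.000Z', error: { message: 'isolation failed' } },
  ],
  fleetResponses: [
    { action_id: 'a1', '@timestamp': '2021-10-18T10:00:05.000Z', agent_id: AGENT },
    { action_id: 'a3', '@timestamp': '2021-10-18T10:02:05.000Z', agent_id: AGENT, error: 'isolation failed' },
  ],
  endpointResponses: [
    { EndpointActions: { action_id: 'a1' }, agent: { id: AGENT }, '@timestamp': '2021-10-18T10:00:04.000Z' },
    { EndpointActions: { action_id: 'a2' }, agent: { id: AGENT }, '@timestamp': '2021-10-18T10:01:04.000Z' },
    { EndpointActions: { action_id: 'a3' }, agent: { id: AGENT }, '@timestamp': '2021-10-18T10:02:04.000Z', error: { message: 'isolation failed' } },
  ],
};

function sampleActivityLog(): ActivityLogEntry[] {
  return getActivityLog(sampleSources);
}
```

With the constructed input, `sampleActivityLog()` yields eight entries: the successful endpoint duplicates for `a1` are dropped, both endpoint-only `a2` docs survive, and the errored `a3` endpoint action and response appear next to their Fleet counterparts, which is the behaviour the "Include only errored endpoint actions, remove successful duplicates" and "do not filter out endpoint only actions/responses" commits describe.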
@kevinlog
Contributor

@elasticmachine merge upstream

@kibanamachine
Contributor Author

💛 Build succeeded, but was flaky


Test Failures

Kibana Pipeline / general / X-Pack API Integration Tests.x-pack/test/api_integration/apis/ml/jobs/categorization_field_examples·ts.apis Machine Learning jobs Categorization example endpoint - partially valid, more than 75% are null

Standard Out

Failed Tests Reporter:
  - Test has not failed recently on tracked branches

[00:00:00]     │
[00:00:00]       └-: apis
[00:00:00]         └-> "before all" hook in "apis"
[00:10:15]         └-: Machine Learning
[00:10:15]           └-> "before all" hook in "Machine Learning"
[00:10:15]           └-> "before all" hook in "Machine Learning"
[00:10:15]             │ debg creating role ft_ml_source
[00:10:15]             │ info [o.e.x.s.a.r.TransportPutRoleAction] [node-01] added role [ft_ml_source]
[00:10:15]             │ debg creating role ft_ml_source_readonly
[00:10:15]             │ info [o.e.x.s.a.r.TransportPutRoleAction] [node-01] added role [ft_ml_source_readonly]
[00:10:15]             │ debg creating role ft_ml_dest
[00:10:15]             │ info [o.e.x.s.a.r.TransportPutRoleAction] [node-01] added role [ft_ml_dest]
[00:10:15]             │ debg creating role ft_ml_dest_readonly
[00:10:15]             │ info [o.e.x.s.a.r.TransportPutRoleAction] [node-01] added role [ft_ml_dest_readonly]
[00:10:15]             │ debg creating role ft_ml_ui_extras
[00:10:15]             │ info [o.e.x.s.a.r.TransportPutRoleAction] [node-01] added role [ft_ml_ui_extras]
[00:10:15]             │ debg creating role ft_default_space_ml_all
[00:10:15]             │ info [o.e.x.s.a.r.TransportPutRoleAction] [node-01] added role [ft_default_space_ml_all]
[00:10:15]             │ debg creating role ft_default_space1_ml_all
[00:10:15]             │ info [o.e.x.s.a.r.TransportPutRoleAction] [node-01] added role [ft_default_space1_ml_all]
[00:10:15]             │ debg creating role ft_all_spaces_ml_all
[00:10:15]             │ info [o.e.x.s.a.r.TransportPutRoleAction] [node-01] added role [ft_all_spaces_ml_all]
[00:10:15]             │ debg creating role ft_default_space_ml_read
[00:10:15]             │ info [o.e.x.s.a.r.TransportPutRoleAction] [node-01] added role [ft_default_space_ml_read]
[00:10:15]             │ debg creating role ft_default_space1_ml_read
[00:10:15]             │ info [o.e.x.s.a.r.TransportPutRoleAction] [node-01] added role [ft_default_space1_ml_read]
[00:10:15]             │ debg creating role ft_all_spaces_ml_read
[00:10:15]             │ info [o.e.x.s.a.r.TransportPutRoleAction] [node-01] added role [ft_all_spaces_ml_read]
[00:10:15]             │ debg creating role ft_default_space_ml_none
[00:10:15]             │ info [o.e.x.s.a.r.TransportPutRoleAction] [node-01] added role [ft_default_space_ml_none]
[00:10:15]             │ debg creating user ft_ml_poweruser
[00:10:15]             │ info [o.e.x.s.a.u.TransportPutUserAction] [node-01] added user [ft_ml_poweruser]
[00:10:15]             │ debg created user ft_ml_poweruser
[00:10:15]             │ debg creating user ft_ml_poweruser_spaces
[00:10:15]             │ info [o.e.x.s.a.u.TransportPutUserAction] [node-01] added user [ft_ml_poweruser_spaces]
[00:10:15]             │ debg created user ft_ml_poweruser_spaces
[00:10:15]             │ debg creating user ft_ml_poweruser_space1
[00:10:16]             │ info [o.e.x.s.a.u.TransportPutUserAction] [node-01] added user [ft_ml_poweruser_space1]
[00:10:16]             │ debg created user ft_ml_poweruser_space1
[00:10:16]             │ debg creating user ft_ml_poweruser_all_spaces
[00:10:16]             │ info [o.e.x.s.a.u.TransportPutUserAction] [node-01] added user [ft_ml_poweruser_all_spaces]
[00:10:16]             │ debg created user ft_ml_poweruser_all_spaces
[00:10:16]             │ debg creating user ft_ml_viewer
[00:10:16]             │ info [o.e.x.s.a.u.TransportPutUserAction] [node-01] added user [ft_ml_viewer]
[00:10:16]             │ debg created user ft_ml_viewer
[00:10:16]             │ debg creating user ft_ml_viewer_spaces
[00:10:16]             │ info [o.e.x.s.a.u.TransportPutUserAction] [node-01] added user [ft_ml_viewer_spaces]
[00:10:16]             │ debg created user ft_ml_viewer_spaces
[00:10:16]             │ debg creating user ft_ml_viewer_space1
[00:10:16]             │ info [o.e.x.s.a.u.TransportPutUserAction] [node-01] added user [ft_ml_viewer_space1]
[00:10:16]             │ debg created user ft_ml_viewer_space1
[00:10:16]             │ debg creating user ft_ml_viewer_all_spaces
[00:10:16]             │ info [o.e.x.s.a.u.TransportPutUserAction] [node-01] added user [ft_ml_viewer_all_spaces]
[00:10:16]             │ debg created user ft_ml_viewer_all_spaces
[00:10:16]             │ debg creating user ft_ml_unauthorized
[00:10:16]             │ info [o.e.x.s.a.u.TransportPutUserAction] [node-01] added user [ft_ml_unauthorized]
[00:10:16]             │ debg created user ft_ml_unauthorized
[00:10:16]             │ debg creating user ft_ml_unauthorized_spaces
[00:10:16]             │ info [o.e.x.s.a.u.TransportPutUserAction] [node-01] added user [ft_ml_unauthorized_spaces]
[00:10:16]             │ debg created user ft_ml_unauthorized_spaces
[00:14:26]           └-: jobs
[00:14:26]             └-> "before all" hook in "jobs"
[00:14:26]             └-: Categorization example endpoint - 
[00:14:26]               └-> "before all" hook for "valid with good number of tokens"
[00:14:26]               └-> "before all" hook for "valid with good number of tokens"
[00:14:26]                 │ info [x-pack/test/functional/es_archives/ml/categorization] Loading "mappings.json"
[00:14:26]                 │ info [x-pack/test/functional/es_archives/ml/categorization] Loading "data.json.gz"
[00:14:26]                 │ info [o.e.c.m.MetadataCreateIndexService] [node-01] [ft_categorization] creating index, cause [api], templates [], shards [1]/[0]
[00:14:26]                 │ info [x-pack/test/functional/es_archives/ml/categorization] Created index "ft_categorization"
[00:14:26]                 │ debg [x-pack/test/functional/es_archives/ml/categorization] "ft_categorization" settings {"index":{"number_of_replicas":"0","number_of_shards":"1"}}
[00:14:27]                 │ info [x-pack/test/functional/es_archives/ml/categorization] Indexed 1501 docs into "ft_categorization"
[00:14:27]                 │ debg applying update to kibana config: {"dateFormat:tz":"UTC"}
[00:14:28]               └-> valid with good number of tokens
[00:14:28]                 └-> "before each" hook: global before each for "valid with good number of tokens"
[00:14:28]                 └- ✓ pass  (171ms)
[00:14:28]               └-> invalid, too many tokens.
[00:14:28]                 └-> "before each" hook: global before each for "invalid, too many tokens."
[00:14:28]                 │ info [r.suppressed] [node-01] path: /_analyze, params: {}
[00:14:28]                 │      org.elasticsearch.transport.RemoteTransportException: [node-01][127.0.0.1:63241][indices:admin/analyze[s]]
[00:14:28]                 │      Caused by: java.lang.IllegalStateException: The number of tokens produced by calling _analyze has exceeded the allowed maximum of [10000]. This limit can be set by changing the [index.analyze.max_token_count] index level setting.
[00:14:28]                 │      	at org.elasticsearch.action.admin.indices.analyze.TransportAnalyzeAction$TokenCounter.increment(TransportAnalyzeAction.java:397) ~[elasticsearch-7.16.0-SNAPSHOT.jar:7.16.0-SNAPSHOT]
[00:14:28]                 │      	at org.elasticsearch.action.admin.indices.analyze.TransportAnalyzeAction$TokenCounter.access$100(TransportAnalyzeAction.java:387) ~[elasticsearch-7.16.0-SNAPSHOT.jar:7.16.0-SNAPSHOT]
[00:14:28]                 │      	at org.elasticsearch.action.admin.indices.analyze.TransportAnalyzeAction.simpleAnalyze(TransportAnalyzeAction.java:229) ~[elasticsearch-7.16.0-SNAPSHOT.jar:7.16.0-SNAPSHOT]
[00:14:28]                 │      	at org.elasticsearch.action.admin.indices.analyze.TransportAnalyzeAction.analyze(TransportAnalyzeAction.java:204) ~[elasticsearch-7.16.0-SNAPSHOT.jar:7.16.0-SNAPSHOT]
[00:14:28]                 │      	at org.elasticsearch.action.admin.indices.analyze.TransportAnalyzeAction.analyze(TransportAnalyzeAction.java:122) ~[elasticsearch-7.16.0-SNAPSHOT.jar:7.16.0-SNAPSHOT]
[00:14:28]                 │      	at org.elasticsearch.action.admin.indices.analyze.TransportAnalyzeAction.shardOperation(TransportAnalyzeAction.java:110) ~[elasticsearch-7.16.0-SNAPSHOT.jar:7.16.0-SNAPSHOT]
[00:14:28]                 │      	at org.elasticsearch.action.admin.indices.analyze.TransportAnalyzeAction.shardOperation(TransportAnalyzeAction.java:62) ~[elasticsearch-7.16.0-SNAPSHOT.jar:7.16.0-SNAPSHOT]
[00:14:28]                 │      	at org.elasticsearch.action.support.single.shard.TransportSingleShardAction.lambda$asyncShardOperation$0(TransportSingleShardAction.java:99) ~[elasticsearch-7.16.0-SNAPSHOT.jar:7.16.0-SNAPSHOT]
[00:14:28]                 │      	at org.elasticsearch.action.ActionRunnable.lambda$supply$0(ActionRunnable.java:47) [elasticsearch-7.16.0-SNAPSHOT.jar:7.16.0-SNAPSHOT]
[00:14:28]                 │      	at org.elasticsearch.action.ActionRunnable$2.doRun(ActionRunnable.java:62) ~[elasticsearch-7.16.0-SNAPSHOT.jar:7.16.0-SNAPSHOT]
[00:14:28]                 │      	at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingAbstractRunnable.doRun(ThreadContext.java:737) [elasticsearch-7.16.0-SNAPSHOT.jar:7.16.0-SNAPSHOT]
[00:14:28]                 │      	at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:26) [elasticsearch-7.16.0-SNAPSHOT.jar:7.16.0-SNAPSHOT]
[00:14:28]                 │      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) [?:?]
[00:14:28]                 │      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) [?:?]
[00:14:28]                 │      	at java.lang.Thread.run(Thread.java:833) [?:?]
[00:14:28]                 │ info [r.suppressed] [node-01] path: /_analyze, params: {}
[00:14:28]                 │      org.elasticsearch.transport.RemoteTransportException: [node-01][127.0.0.1:63241][indices:admin/analyze[s]]
[00:14:28]                 │      Caused by: java.lang.IllegalStateException: The number of tokens produced by calling _analyze has exceeded the allowed maximum of [10000]. This limit can be set by changing the [index.analyze.max_token_count] index level setting.
[00:14:28]                 │      	at org.elasticsearch.action.admin.indices.analyze.TransportAnalyzeAction$TokenCounter.increment(TransportAnalyzeAction.java:397) ~[elasticsearch-7.16.0-SNAPSHOT.jar:7.16.0-SNAPSHOT]
[00:14:28]                 │      	at org.elasticsearch.action.admin.indices.analyze.TransportAnalyzeAction$TokenCounter.access$100(TransportAnalyzeAction.java:387) ~[elasticsearch-7.16.0-SNAPSHOT.jar:7.16.0-SNAPSHOT]
[00:14:28]                 │      	at org.elasticsearch.action.admin.indices.analyze.TransportAnalyzeAction.simpleAnalyze(TransportAnalyzeAction.java:229) ~[elasticsearch-7.16.0-SNAPSHOT.jar:7.16.0-SNAPSHOT]
[00:14:28]                 │      	at org.elasticsearch.action.admin.indices.analyze.TransportAnalyzeAction.analyze(TransportAnalyzeAction.java:204) ~[elasticsearch-7.16.0-SNAPSHOT.jar:7.16.0-SNAPSHOT]
[00:14:28]                 │      	at org.elasticsearch.action.admin.indices.analyze.TransportAnalyzeAction.analyze(TransportAnalyzeAction.java:122) ~[elasticsearch-7.16.0-SNAPSHOT.jar:7.16.0-SNAPSHOT]
[00:14:28]                 │      	at org.elasticsearch.action.admin.indices.analyze.TransportAnalyzeAction.shardOperation(TransportAnalyzeAction.java:110) ~[elasticsearch-7.16.0-SNAPSHOT.jar:7.16.0-SNAPSHOT]
[00:14:28]                 │      	at org.elasticsearch.action.admin.indices.analyze.TransportAnalyzeAction.shardOperation(TransportAnalyzeAction.java:62) ~[elasticsearch-7.16.0-SNAPSHOT.jar:7.16.0-SNAPSHOT]
[00:14:28]                 │      	at org.elasticsearch.action.support.single.shard.TransportSingleShardAction.lambda$asyncShardOperation$0(TransportSingleShardAction.java:99) ~[elasticsearch-7.16.0-SNAPSHOT.jar:7.16.0-SNAPSHOT]
[00:14:28]                 │      	at org.elasticsearch.action.ActionRunnable.lambda$supply$0(ActionRunnable.java:47) [elasticsearch-7.16.0-SNAPSHOT.jar:7.16.0-SNAPSHOT]
[00:14:28]                 │      	at org.elasticsearch.action.ActionRunnable$2.doRun(ActionRunnable.java:62) ~[elasticsearch-7.16.0-SNAPSHOT.jar:7.16.0-SNAPSHOT]
[00:14:28]                 │      	at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingAbstractRunnable.doRun(ThreadContext.java:737) [elasticsearch-7.16.0-SNAPSHOT.jar:7.16.0-SNAPSHOT]
[00:14:28]                 │      	at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:26) [elasticsearch-7.16.0-SNAPSHOT.jar:7.16.0-SNAPSHOT]
[00:14:28]                 │      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) [?:?]
[00:14:28]                 │      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) [?:?]
[00:14:28]                 │      	at java.lang.Thread.run(Thread.java:833) [?:?]
[00:14:28]                 └- ✓ pass  (184ms)
[00:14:28]               └-> partially valid, more than 75% are null
[00:14:28]                 └-> "before each" hook: global before each for "partially valid, more than 75% are null"
[00:14:28]                 └- ✖ fail: apis Machine Learning jobs Categorization example endpoint -  partially valid, more than 75% are null
[00:14:28]                 │       Error: expected 249 to sort of equal 250
[00:14:28]                 │       + expected - actual
[00:14:28]                 │ 
[00:14:28]                 │       -249
[00:14:28]                 │       +250
[00:14:28]                 │       
[00:14:28]                 │       at Assertion.assert (/dev/shm/workspace/parallel/24/kibana/node_modules/@kbn/expect/expect.js:100:11)
[00:14:28]                 │       at Assertion.eql (/dev/shm/workspace/parallel/24/kibana/node_modules/@kbn/expect/expect.js:244:8)
[00:14:28]                 │       at Context.<anonymous> (test/api_integration/apis/ml/jobs/categorization_field_examples.ts:303:36)
[00:14:28]                 │       at runMicrotasks (<anonymous>)
[00:14:28]                 │       at processTicksAndRejections (node:internal/process/task_queues:96:5)
[00:14:28]                 │       at Object.apply (/dev/shm/workspace/parallel/24/kibana/node_modules/@kbn/test/target_node/functional_test_runner/lib/mocha/wrap_function.js:87:16)
[00:14:28]                 │ 
[00:14:28]                 │ 

Stack Trace

Error: expected 249 to sort of equal 250
    at Assertion.assert (/dev/shm/workspace/parallel/24/kibana/node_modules/@kbn/expect/expect.js:100:11)
    at Assertion.eql (/dev/shm/workspace/parallel/24/kibana/node_modules/@kbn/expect/expect.js:244:8)
    at Context.<anonymous> (test/api_integration/apis/ml/jobs/categorization_field_examples.ts:303:36)
    at runMicrotasks (<anonymous>)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at Object.apply (/dev/shm/workspace/parallel/24/kibana/node_modules/@kbn/test/target_node/functional_test_runner/lib/mocha/wrap_function.js:87:16) {
  actual: '249',
  expected: '250',
  showDiff: true
}

Metrics

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id                before  after  diff
securitySolution  4.6MB   4.6MB  +2.6KB

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @ashokaditya

@kibanamachine kibanamachine merged commit d925787 into elastic:7.x Oct 19, 2021
@kevinlog
Contributor

@elasticmachine merge upstream

@kibanamachine
Contributor Author

ignoring request to update branch, pull request is closed
