[Security Solution] Fix exporting all rules#152900
Merged
maximpn merged 8 commits intoelastic:mainfrom Mar 10, 2023
Merged
Conversation
maximpn
added
release_note:skip
maximpn
changed the title
Contributor
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
Contributor
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
xcrzx
reviewed
Mar 10, 2023
Comment on lines
67
to
71
Contributor
There was a problem hiding this comment.
To clarify, the event log and the .kibana index are separate. Just because the event log contains an "execution complete" event doesn't necessarily mean that the .kibana index has been updated and that the execution_summary has been added to the rule. It's possible for this update to happen before or after the execution event. We shouldn't rely on this assumption.
The best option for us is to poll for the execution_summary update in the rule. But if for some reason, it is complicated, a better solution would be adding a "sleep" function for one second to ensure the .kibana index has been refreshed.
Contributor
There was a problem hiding this comment.
Another thought is to try to await for POST /.kibana/_refresh.
Contributor
Author
There was a problem hiding this comment.
I've replaced await waitForEventLogExecuteComplete with 1 second delay.
maximpn
force-pushed
the
fix-export-all-rules
branch
from
7e70284 to
a405b28
Compare
xcrzx
approved these changes
Mar 10, 2023
Contributor
xcrzx
left a comment
xcrzx
left a comment
There was a problem hiding this comment.
LGTM, thanks for the fix 👍
💚 Build Succeeded
Metrics [docs]Async chunks
Unknown metric groupsESLint disabled line counts
Total ESLint disabled count
History
To update your PR or re-run it, just comment with: cc @maximpn |
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Mar 10, 2023
**Relates to:** elastic/security-team#5339, elastic#150097, elastic#150553 ## Summary This PR fixes all rules exporting functionality which started exporting unintentionally runtime fields like `execution_summary`. This way it lead to inability to import just exported rules if as minimum one of them executed just once. On top of this the PR contains functional and Cypress tests to cover the fix. ## TODO - [ ] get rid of `await waitForEventLogExecuteComplete()` in functional tests - [ ] allow `getNewRule()` to rewrite its defaults ### Checklist - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios (cherry picked from commit 6b62ae2)
Contributor
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
kibanamachine
added a commit
that referenced
this pull request
Mar 10, 2023
# Backport This will backport the following commits from `main` to `8.7`: - [[Security Solution] Fix exporting all rules (#152900)](#152900) <!--- Backport version: 8.9.7 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Maxim Palenov","email":"maxim.palenov@elastic.co"},"sourceCommit":{"committedDate":"2023-03-10T17:23:48Z","message":"[Security Solution] Fix exporting all rules (#152900)\n\n**Relates to:** elastic/security-team#5339, #150097, https://github.com/elastic/kibana/pull/150553\r\n\r\n## Summary\r\n\r\nThis PR fixes all rules exporting functionality which started exporting unintentionally runtime fields like `execution_summary`. This way it lead to inability to import just exported rules if as minimum one of them executed just once.\r\n\r\nOn top of this the PR contains functional and Cypress tests to cover the fix.\r\n\r\n## TODO\r\n\r\n- [ ] get rid of `await waitForEventLogExecuteComplete()` in functional tests\r\n- [ ] allow `getNewRule()` to rewrite its defaults\r\n\r\n### Checklist\r\n\r\n- [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials\r\n- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios","sha":"6b62ae2adfead5ece8b47c0909ab58c67f3f1adb","branchLabelMapping":{"^v8.8.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rules","backport:prev-minor","Feature:Rule Import/Export","v8.8.0"],"number":152900,"url":"https://github.com/elastic/kibana/pull/152900","mergeCommit":{"message":"[Security Solution] Fix exporting all rules (#152900)\n\n**Relates to:** elastic/security-team#5339, #150097, https://github.com/elastic/kibana/pull/150553\r\n\r\n## Summary\r\n\r\nThis PR fixes all rules exporting functionality which started exporting unintentionally runtime fields like `execution_summary`. This way it lead to inability to import just exported rules if as minimum one of them executed just once.\r\n\r\nOn top of this the PR contains functional and Cypress tests to cover the fix.\r\n\r\n## TODO\r\n\r\n- [ ] get rid of `await waitForEventLogExecuteComplete()` in functional tests\r\n- [ ] allow `getNewRule()` to rewrite its defaults\r\n\r\n### Checklist\r\n\r\n- [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials\r\n- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios","sha":"6b62ae2adfead5ece8b47c0909ab58c67f3f1adb"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v8.8.0","labelRegex":"^v8.8.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/152900","number":152900,"mergeCommit":{"message":"[Security Solution] Fix exporting all rules (#152900)\n\n**Relates to:** elastic/security-team#5339, #150097, https://github.com/elastic/kibana/pull/150553\r\n\r\n## Summary\r\n\r\nThis PR fixes all rules exporting functionality which started exporting unintentionally runtime fields like `execution_summary`. This way it lead to inability to import just exported rules if as minimum one of them executed just once.\r\n\r\nOn top of this the PR contains functional and Cypress tests to cover the fix.\r\n\r\n## TODO\r\n\r\n- [ ] get rid of `await waitForEventLogExecuteComplete()` in functional tests\r\n- [ ] allow `getNewRule()` to rewrite its defaults\r\n\r\n### Checklist\r\n\r\n- [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials\r\n- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios","sha":"6b62ae2adfead5ece8b47c0909ab58c67f3f1adb"}}]}] BACKPORT--> Co-authored-by: Maxim Palenov <maxim.palenov@elastic.co>
bmorelli25
pushed a commit
to bmorelli25/kibana
that referenced
this pull request
Mar 10, 2023
**Relates to:** elastic/security-team#5339, elastic#150097, elastic#150553 ## Summary This PR fixes all rules exporting functionality which started exporting unintentionally runtime fields like `execution_summary`. This way it lead to inability to import just exported rules if as minimum one of them executed just once. On top of this the PR contains functional and Cypress tests to cover the fix. ## TODO - [ ] get rid of `await waitForEventLogExecuteComplete()` in functional tests - [ ] allow `getNewRule()` to rewrite its defaults ### Checklist - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
maximpn
added a commit
that referenced
this pull request
Mar 27, 2023
…153410) **Relates to:** #152900 ## Summary This PR adds an ability to wait for rule status by its rule id in functional tests. It is a result of splitting of #150553 into isolated parts. ## Details Based on what kind of id is used (SO id or rule id) it leads to different behaviour under the hood. SO id related functionality consumes ES Get API while rule id related functionality consumes ES Search API. This way it may require to add some delay to let ES to refresh the data if the testing logic consumes ES Search API while rule status was awaited via SO id so that handled by ES Get API. This PR removes such a delay at rule exporting functional tests.
maximpn
added a commit
to maximpn/kibana
that referenced
this pull request
Apr 4, 2023
…lastic#153410) **Relates to:** elastic#152900 ## Summary This PR adds an ability to wait for rule status by its rule id in functional tests. It is a result of splitting of elastic#150553 into isolated parts. ## Details Based on what kind of id is used (SO id or rule id) it leads to different behaviour under the hood. SO id related functionality consumes ES Get API while rule id related functionality consumes ES Search API. This way it may require to add some delay to let ES to refresh the data if the testing logic consumes ES Search API while rule status was awaited via SO id so that handled by ES Get API. This PR removes such a delay at rule exporting functional tests. (cherry picked from commit 519185f) # Conflicts: # x-pack/test/cases_api_integration/common/lib/alerts.ts
maximpn
referenced
this pull request
Apr 4, 2023
…per (#153410) (#154328) # Backport This will backport the following commits from `main` to `8.7`: - [[Security Solution] Support rule id in wait for rule status helper (#153410)](#153410) <!--- Backport version: 8.9.7 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Maxim Palenov","email":"maxim.palenov@elastic.co"},"sourceCommit":{"committedDate":"2023-03-27T09:03:15Z","message":"[Security Solution] Support rule id in wait for rule status helper (#153410)\n\n**Relates to:** https://github.com/elastic/kibana/pull/152900\r\n\r\n## Summary\r\n\r\nThis PR adds an ability to wait for rule status by its rule id in functional tests. It is a result of splitting of #150553 into isolated parts.\r\n\r\n## Details\r\n\r\nBased on what kind of id is used (SO id or rule id) it leads to different behaviour under the hood. SO id related functionality consumes ES Get API while rule id related functionality consumes ES Search API. This way it may require to add some delay to let ES to refresh the data if the testing logic consumes ES Search API while rule status was awaited via SO id so that handled by ES Get API. This PR removes such a delay at rule exporting functional tests.","sha":"519185ffa88aeea05626f71b303a7daf1ce9d14b","branchLabelMapping":{"^v8.8.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["refactoring","technical debt","release_note:skip","test-api-integration","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rules","backport:prev-minor","v8.8.0"],"number":153410,"url":"https://github.com/elastic/kibana/pull/153410","mergeCommit":{"message":"[Security Solution] Support rule id in wait for rule status helper (#153410)\n\n**Relates to:** https://github.com/elastic/kibana/pull/152900\r\n\r\n## Summary\r\n\r\nThis PR adds an ability to wait for rule status by its rule id in functional tests. It is a result of splitting of #150553 into isolated parts.\r\n\r\n## Details\r\n\r\nBased on what kind of id is used (SO id or rule id) it leads to different behaviour under the hood. SO id related functionality consumes ES Get API while rule id related functionality consumes ES Search API. This way it may require to add some delay to let ES to refresh the data if the testing logic consumes ES Search API while rule status was awaited via SO id so that handled by ES Get API. This PR removes such a delay at rule exporting functional tests.","sha":"519185ffa88aeea05626f71b303a7daf1ce9d14b"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v8.8.0","labelRegex":"^v8.8.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/153410","number":153410,"mergeCommit":{"message":"[Security Solution] Support rule id in wait for rule status helper (#153410)\n\n**Relates to:** https://github.com/elastic/kibana/pull/152900\r\n\r\n## Summary\r\n\r\nThis PR adds an ability to wait for rule status by its rule id in functional tests. It is a result of splitting of #150553 into isolated parts.\r\n\r\n## Details\r\n\r\nBased on what kind of id is used (SO id or rule id) it leads to different behaviour under the hood. SO id related functionality consumes ES Get API while rule id related functionality consumes ES Search API. This way it may require to add some delay to let ES to refresh the data if the testing logic consumes ES Search API while rule status was awaited via SO id so that handled by ES Get API. This PR removes such a delay at rule exporting functional tests.","sha":"519185ffa88aeea05626f71b303a7daf1ce9d14b"}}]}] BACKPORT-->
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Relates to: https://github.com/elastic/security-team/issues/5339, #150097, #150553
Summary
This PR fixes all rules exporting functionality which started exporting unintentionally runtime fields like
execution_summary. This way it lead to inability to import just exported rules if as minimum one of them executed just once.On top of this the PR contains functional and Cypress tests to cover the fix.
TODO
await waitForRuleSuccessOrStatus()in functional tests (done in [Security Solution] Support rule id in wait for rule status helper #153410)getNewRule()to rewrite its defaultsChecklist