Skip to content

Comments

[Security Solution][Investigations] - fix opening flyout, and clear filters#156702

Merged
michaelolo24 merged 7 commits intoelastic:mainfrom
michaelolo24:url-flyout-fixes
May 8, 2023
Merged

[Security Solution][Investigations] - fix opening flyout, and clear filters#156702
michaelolo24 merged 7 commits intoelastic:mainfrom
michaelolo24:url-flyout-fixes

Conversation

@michaelolo24
Copy link
Contributor

@michaelolo24 michaelolo24 commented May 4, 2023

Summary

This PR fixes the following issue #156590 where a users configuration for their alert page filters can prevent them from seeing the alert in the table. In this PR we clear the filters to only show the required status filter, with no selection, to rely primarily on the kql query filter for the alert id.

Demo:

Screen.Recording.2023-05-04.at.5.13.43.PM.mov

It also fixes a bug where the flyout when opened wasn't unmounted when navigating away from a page and back to it as seen here:

The bug:

Screen.Recording.2023-05-04.at.5.25.05.PM.mov

With the fix:

Screen.Recording.2023-05-04.at.5.28.04.PM.mov

Checklist

Delete any items that are not applicable to this PR.

@michaelolo24 michaelolo24 added bug Fixes for quality problems that affect the customer experience Team:Threat Hunting Security Solution Threat Hunting Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Threat Hunting:Investigations Security Solution Threat Hunting Investigations Team v8.8.0 labels May 4, 2023
@michaelolo24 michaelolo24 added the impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. label May 4, 2023
@michaelolo24 michaelolo24 self-assigned this May 4, 2023
@michaelolo24 michaelolo24 marked this pull request as ready for review May 5, 2023 12:46
@michaelolo24 michaelolo24 requested review from a team as code owners May 5, 2023 12:46
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

@elasticmachine
Copy link
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@michaelolo24 michaelolo24 added the release_note:skip Skip the PR/issue when compiling release notes label May 5, 2023
it('should remove the flyout details from local storage when closed', () => {
cy.get(OVERVIEW_RULE).should('be.visible');
closeAlertFlyout();
cy.wait(500); // Wait for the localStorage update to take place
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did the tests show that it needs 500ms before the localstorage write has finished? I would expect that 100ms should be enough, plus a little buffer.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, it's because of how we handle the localStorage updates:

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should add timeout/pipe on assertion instead of delay. Because if someone changes the delay, test will start failing.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the help @logeekal! a70dd0c

it('should not remove the flyout state from localstorage when navigating away without closing the flyout', () => {
cy.get(OVERVIEW_RULE).should('be.visible');
goToRuleDetails();
cy.wait(500); // Wait for the localStorage update to take place
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same here.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy link
Contributor Author

@michaelolo24 michaelolo24 May 5, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Was able to get help from Jatin to refactor this to not explicitly rely on specific timerange 💪🏾 Thanks for the review!

export const getClassSelector = (className: string) => `.${className}`;

export const getLocalstorageEntryAsObject = (storage: Cypress.StorageByOrigin, field: string) => {
const envLocalstorage = storage?.['http://localhost:5620'];
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is the test env url always 'http://localhost:5620 ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Gotcha. Somehow I feel like this should be a const, though :D


const url = `${ALERTS_PATH}?${URL_PARAM_KEY.appQuery}=${kqlAppQuery}&${URL_PARAM_KEY.timerange}=${timerange}&${URL_PARAM_KEY.eventFlyout}=${flyoutString}`;
const statusPageFilter: FilterItemObj = {
fieldName: 'kibana.alert.workflow_status',
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wdyt about using this const instead?

import { ALERT_WORKFLOW_STATUS } from '@kbn/rule-data-utils';

Copy link
Contributor

@janmonschke janmonschke left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎉

@kibanamachine kibanamachine requested a review from a team as a code owner May 5, 2023 14:23
@kibana-ci
Copy link

💛 Build succeeded, but was flaky

Failed CI Steps

Test Failures

  • [job] [logs] FTR Configs #52 / expressions explorer emits an action and navigates

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
securitySolution 9.1MB 9.1MB +213.0B
Unknown metric groups

ESLint disabled line counts

id before after diff
enterpriseSearch 19 21 +2
securitySolution 398 401 +3
total +5

Total ESLint disabled count

id before after diff
enterpriseSearch 20 22 +2
securitySolution 478 481 +3
total +5

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @michaelolo24

Copy link
Contributor

@banderror banderror left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rules area changes LGTM!

@michaelolo24 michaelolo24 enabled auto-merge (squash) May 8, 2023 12:26
Copy link
Contributor

@e40pud e40pud left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Alerts area changes LGTM!

@michaelolo24 michaelolo24 merged commit 1b40216 into elastic:main May 8, 2023
kibanamachine added a commit to kibanamachine/kibana that referenced this pull request May 8, 2023
…ilters (elastic#156702)

## Summary

This PR fixes the following issue
elastic#156590 where a users
configuration for their alert page filters can prevent them from seeing
the alert in the table. In this PR we clear the filters to only show the
required status filter, with no selection, to rely primarily on the kql
query filter for the alert id.

Demo:

https://user-images.githubusercontent.com/17211684/236332095-ac5583ec-6b5f-4ee2-9c23-9391b54263ba.mov

It also fixes a bug where the flyout when opened wasn't unmounted when
navigating away from a page and back to it as seen here:

The bug:

https://user-images.githubusercontent.com/17211684/236333550-b41925f9-a06c-4aa9-931b-beecf4c9ae9b.mov

With the fix:

https://user-images.githubusercontent.com/17211684/236334123-a0e3169e-2ec8-4754-92d2-65f2f369fa4f.mov

### Checklist

Delete any items that are not applicable to this PR.

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
(cherry picked from commit 1b40216)
@kibanamachine
Copy link
Contributor

💚 All backports created successfully

Status Branch Result
8.8

Note: Successful backport PRs will be merged automatically after passing CI.

Questions ?

Please refer to the Backport tool documentation

kibanamachine added a commit that referenced this pull request May 9, 2023
…lear filters (#156702) (#156984)

# Backport

This will backport the following commits from `main` to `8.8`:
- [[Security Solution][Investigations] - fix opening flyout, and clear
filters (#156702)](#156702)

<!--- Backport version: 8.9.7 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Michael
Olorunnisola","email":"michael.olorunnisola@elastic.co"},"sourceCommit":{"committedDate":"2023-05-08T12:29:20Z","message":"[Security
Solution][Investigations] - fix opening flyout, and clear filters
(#156702)\n\n## Summary\r\n\r\nThis PR fixes the following
issue\r\nhttps://github.com//issues/156590 where a
users\r\nconfiguration for their alert page filters can prevent them
from seeing\r\nthe alert in the table. In this PR we clear the filters
to only show the\r\nrequired status filter, with no selection, to rely
primarily on the kql\r\nquery filter for the alert id.\r\n\r\nDemo:
\r\n\r\n\r\nhttps://user-images.githubusercontent.com/17211684/236332095-ac5583ec-6b5f-4ee2-9c23-9391b54263ba.mov\r\n\r\n\r\nIt
also fixes a bug where the flyout when opened wasn't unmounted
when\r\nnavigating away from a page and back to it as seen
here:\r\n\r\nThe
bug:\r\n\r\n\r\nhttps://user-images.githubusercontent.com/17211684/236333550-b41925f9-a06c-4aa9-931b-beecf4c9ae9b.mov\r\n\r\nWith
the
fix:\r\n\r\n\r\nhttps://user-images.githubusercontent.com/17211684/236334123-a0e3169e-2ec8-4754-92d2-65f2f369fa4f.mov\r\n\r\n\r\n###
Checklist\r\n\r\nDelete any items that are not applicable to this
PR.\r\n\r\n- [x] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common
scenarios\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>","sha":"1b40216e781b4bcd4d1bf5180aa505c266b29082","branchLabelMapping":{"^v8.9.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:skip","impact:medium","Team:Threat
Hunting","Team: SecuritySolution","Team:Threat
Hunting:Investigations","v8.8.0","v8.9.0"],"number":156702,"url":"https://github.com/elastic/kibana/pull/156702","mergeCommit":{"message":"[Security
Solution][Investigations] - fix opening flyout, and clear filters
(#156702)\n\n## Summary\r\n\r\nThis PR fixes the following
issue\r\nhttps://github.com//issues/156590 where a
users\r\nconfiguration for their alert page filters can prevent them
from seeing\r\nthe alert in the table. In this PR we clear the filters
to only show the\r\nrequired status filter, with no selection, to rely
primarily on the kql\r\nquery filter for the alert id.\r\n\r\nDemo:
\r\n\r\n\r\nhttps://user-images.githubusercontent.com/17211684/236332095-ac5583ec-6b5f-4ee2-9c23-9391b54263ba.mov\r\n\r\n\r\nIt
also fixes a bug where the flyout when opened wasn't unmounted
when\r\nnavigating away from a page and back to it as seen
here:\r\n\r\nThe
bug:\r\n\r\n\r\nhttps://user-images.githubusercontent.com/17211684/236333550-b41925f9-a06c-4aa9-931b-beecf4c9ae9b.mov\r\n\r\nWith
the
fix:\r\n\r\n\r\nhttps://user-images.githubusercontent.com/17211684/236334123-a0e3169e-2ec8-4754-92d2-65f2f369fa4f.mov\r\n\r\n\r\n###
Checklist\r\n\r\nDelete any items that are not applicable to this
PR.\r\n\r\n- [x] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common
scenarios\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>","sha":"1b40216e781b4bcd4d1bf5180aa505c266b29082"}},"sourceBranch":"main","suggestedTargetBranches":["8.8"],"targetPullRequestStates":[{"branch":"8.8","label":"v8.8.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.9.0","labelRegex":"^v8.9.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/156702","number":156702,"mergeCommit":{"message":"[Security
Solution][Investigations] - fix opening flyout, and clear filters
(#156702)\n\n## Summary\r\n\r\nThis PR fixes the following
issue\r\nhttps://github.com//issues/156590 where a
users\r\nconfiguration for their alert page filters can prevent them
from seeing\r\nthe alert in the table. In this PR we clear the filters
to only show the\r\nrequired status filter, with no selection, to rely
primarily on the kql\r\nquery filter for the alert id.\r\n\r\nDemo:
\r\n\r\n\r\nhttps://user-images.githubusercontent.com/17211684/236332095-ac5583ec-6b5f-4ee2-9c23-9391b54263ba.mov\r\n\r\n\r\nIt
also fixes a bug where the flyout when opened wasn't unmounted
when\r\nnavigating away from a page and back to it as seen
here:\r\n\r\nThe
bug:\r\n\r\n\r\nhttps://user-images.githubusercontent.com/17211684/236333550-b41925f9-a06c-4aa9-931b-beecf4c9ae9b.mov\r\n\r\nWith
the
fix:\r\n\r\n\r\nhttps://user-images.githubusercontent.com/17211684/236334123-a0e3169e-2ec8-4754-92d2-65f2f369fa4f.mov\r\n\r\n\r\n###
Checklist\r\n\r\nDelete any items that are not applicable to this
PR.\r\n\r\n- [x] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common
scenarios\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine
<42973632+kibanamachine@users.noreply.github.com>","sha":"1b40216e781b4bcd4d1bf5180aa505c266b29082"}}]}]
BACKPORT-->

Co-authored-by: Michael Olorunnisola <michael.olorunnisola@elastic.co>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

bug Fixes for quality problems that affect the customer experience impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. release_note:skip Skip the PR/issue when compiling release notes Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Threat Hunting:Investigations Security Solution Threat Hunting Investigations Team Team:Threat Hunting Security Solution Threat Hunting Team v8.8.0 v8.9.0

Projects

None yet

Development

Successfully merging this pull request may close these issues.

8 participants