[Security Solution] DetectionRulesClient: return RuleResponse from all methods
#186179
Conversation
nikitaindik
added
refactoring
release_note:skip
|
/ci |
nikitaindik
changed the title
RuleResponse from all methodsDetectionRulesClient: return RuleResponse from all methods
nikitaindik
force-pushed
the
detection-rules-client-pr-5
branch
from
2b9f24a
to
c838747
Compare
|
/ci |
nikitaindik
force-pushed
the
detection-rules-client-pr-5
branch
from
c838747
to
bf56a9a
Compare
|
/ci |
…ce it won't do anything
nikitaindik
force-pushed
the
detection-rules-client-pr-5
branch
from
9294d6c
to
8d3fe01
Compare
|
/ci |
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
|
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management) |
| clients.rulesClient.find.mockResolvedValue(getEmptyFindResult()); | ||
| clients.rulesClient.update.mockResolvedValue(importedRule); |
There was a problem hiding this comment.
As rulesClient becomes an internal implementation detail. I think it would be best to start mocking the detectionRulesClient instead.
| clients.detectionRulesClient.importRule.mockResolvedValue(importedRule); | ||
| clients.detectionRulesClient.importRule.mockResolvedValue({ | ||
| ...getRulesSchemaMock(), | ||
| rule_id: importedRule.params.ruleId, |
There was a problem hiding this comment.
importedRule.params is an internal data representation of the rules client. Is it possible to avoid relying on it in tests and use our RuleResponse representation?
| @@ -39,16 +45,26 @@ export const patchRule = async ( | |||
|
|
|||
| const patchedRule = convertPatchAPIToInternalSchema(nextParams, existingRule); | |||
There was a problem hiding this comment.
Out of the scope of this PR, but we need to split convertPatchAPIToInternalSchema into two methods:
- Merge patch params with the existing rule
- Convert the rule to internal Alerting representation
| }); | ||
| } | ||
|
|
||
| /* Trying to convert an internal rule to a RuleResponse object */ | ||
| const parseResult = RuleResponse.safeParse(transform(importedInternalRule)); |
There was a problem hiding this comment.
I think we need to use internalRuleToAPIResponse instead of transform here. If a rule has an incorrect rule type, the validation will fail at the RuleResponse parse stage, but the error would be more cryptic. I suggest reviewing all cases where transform is used and replacing them with internalRuleToAPIResponse.
|
Thanks @xcrzx! I have addressed the comments. The PR can be reviewed again. |
| const { enabled } = await toggleRuleEnabledOnUpdate( | ||
| rulesClient, | ||
| existingRule, | ||
| nextParams.enabled | ||
| ); |
There was a problem hiding this comment.
Can this function throw exceptions? If yes, I'd suggest to think about if we should add error handling to it so it's safe to call.
The case I'm thinking about is: if the await rulesClient.update call above was successful, how should we handle a failure of the subsequent enable/disable call?
| /* Trying to convert an internal rule to a RuleResponse object */ | ||
| const parseResult = RuleResponse.safeParse(internalRuleToAPIResponse(importedInternalRule)); | ||
|
|
||
| if (!parseResult.success) { | ||
| throw new RuleResponseValidationError({ | ||
| message: stringifyZodError(parseResult.error), | ||
| ruleId: importedInternalRule.params.ruleId, | ||
| }); | ||
| } | ||
|
|
||
| return parseResult.data; |
There was a problem hiding this comment.
Now when this is duplicated in all of the methods, I think it's time to extract this into a function.
💛 Build succeeded, but was flaky
Failed CI StepsMetrics [docs]
History
To update your PR or re-run it, just comment with: cc @nikitaindik |
|
Hey @banderror! I went ahead and merged the PR to let @xcrzx build his changes on top of it more easily. I have added both your suggestions to the checklist in the issue. Will address them in the next PR. |
…m all methods (elastic#186179) **Partially addresses: elastic#184364 ## Summary This PR is a follow-up to [PR elastic#185748](elastic#185748) and it converts the remaining `DetectionRulesClient` methods to return `RuleResponse`. Changes in this PR: - These methods now return `RuleResponse` instead of internal `RuleAlertType` type: - `updateRule` - `patchRule` - `upgradePrebuiltRule` - `importRule`
Partially addresses: #184364
Summary
This PR is a follow-up to PR #185748 and it converts the remaining
DetectionRulesClientmethods to returnRuleResponse.Changes in this PR:
RuleResponseinstead of internalRuleAlertTypetype:updateRulepatchRuleupgradePrebuiltRuleimportRule