[Cloud Security] Misconfiguration preview & Refactor CSP Plugin to include new package PHASE 4 #191677
Pinging @elastic/kibana-cloud-security-posture (Team:Cloud Security)
tiansivive
left a comment
LGTM from Entity Analytics
/ci
…n' of github.com:animehart/kibana into misconfiguration-preview-refactor-phase-4-implementation
From a Cypress perspective there is work pending to be done to merge this PR. As it is, this test is not going to be executed in any of our existing pipelines:
Please feel free to set up a meeting with @elastic/security-engineering-productivity to let you know which are the correct steps to make this happen.
| createMockFinding(); | ||
| expandFirstAlertHostFlyout(); | ||
| cy.log('check if Misconfiguration preview section rendered'); | ||
| cy.get(HOST_INSIGHT_MISCONFIGURATION).should('exist'); |
For robustness, it is better to check that the element is visible, since the element can exist in the DOM but not be visible to the end user.
| cy.get(HOST_INSIGHT_MISCONFIGURATION).should('exist'); | ||
|
|
||
| cy.log('check if Misconfiguration preview title shown'); | ||
| cy.get(HOST_INSIGHT_MISCONFIGURATION_TITLE).should('exist'); |
I will move the Cypress test into a separate ticket/PR then, as it seems that there's quite a lot of stuff to do (too much for this 1 PR)
…eeds to be done before we are able to run cypress on ci, will do this on separate PR later on
…n' of github.com:animehart/kibana into misconfiguration-preview-refactor-phase-4-implementation
opauloh
left a comment
just a few more comments
| ) => { | ||
| const passed = buckets.find((bucket) => bucket?.key === 'passed'); | ||
| const failed = buckets.find((bucket) => bucket?.key === 'failed'); | ||
| const noStatus = buckets.find((bucket) => bucket?.key === 'unknown'); |
it seems inconsistent to use noStatus pointing to unknown, I think it could be unknown instead.
| passed: { match: { 'result.evaluation': 'passed' } }, | ||
| failed: { match: { 'result.evaluation': 'failed' } }, | ||
| }, | ||
| }, | ||
| }, | ||
| }); | ||
|
|
||
| export const getMisconfigurationAggregationCount = ( | ||
| buckets: Array<estypes.AggregationsStringRareTermsBucketKeys | undefined> | ||
| ) => { | ||
| const passed = buckets.find((bucket) => bucket?.key === 'passed'); | ||
| const failed = buckets.find((bucket) => bucket?.key === 'failed'); | ||
| const noStatus = buckets.find((bucket) => bucket?.key === 'unknown'); |
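Review bot: the `buckets` parameter of `getMisconfigurationAggregationCount` is typed as `Array<estypes.AggregationsStringRareTermsBucketKeys | undefined>`, a rare-terms bucket type, while the query just above builds named `passed` and `failed` filter buckets and the function only reads `bucket?.key`. Consider a small local type that states what the function actually consumes (a `key` and a `doc_count`), and drop `undefined` from the element type if no caller passes it, which would also remove the need for the optional chaining in each `.find`.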
better to avoid those magic strings to avoid potential typos and improve maintainability, what about defining those statuses in a constant:
const RESULT_EVALUATION = {
  PASSED: 'passed',
  FAILED: 'failed',
  UNKNOWN: 'unknown',
};
export const getFindingsCountAggQueryMisconfigurationPreview = () => ({
  count: {
    filters: {
      other_bucket_key: RESULT_EVALUATION.UNKNOWN,
      filters: {
        [RESULT_EVALUATION.PASSED]: { match: { 'result.evaluation': RESULT_EVALUATION.PASSED } },
        [RESULT_EVALUATION.FAILED]: { match: { 'result.evaluation': RESULT_EVALUATION.FAILED } },
      },
    },
  },
});
nit: maybe this can be improved to use a single .reducer function instead of 3 .find functions.
| <EuiTitle | ||
| size="s" | ||
| css={css` | ||
| font-weight: ${euiTheme.font.weight.bold}; |
| count: getMisconfigurationAggregationCount( | ||
| Object.entries(aggregations.count.buckets).map(([key, value]) => ({ | ||
| key, | ||
| doc_count: value.doc_count || 0, | ||
| })) | ||
| ), |
since we already have a getMisconfigurationAggregationCount function, it's better to have it handle the object parsing so the function is easier to consume:
return {
  count: getMisconfigurationAggregationCount(aggregations.count.buckets)
};
| id="observedEntity-accordion" | ||
| data-test-subj="entityInsightTestSubj" | ||
| buttonProps={{ | ||
| 'data-test-subj': 'observedEntity-accordion-button', |
better avoid using existing identifiers:
| id="observedEntity-accordion" | |
| data-test-subj="entityInsightTestSubj" | |
| buttonProps={{ | |
| 'data-test-subj': 'observedEntity-accordion-button', | |
| id="entityInsight-accordion" | |
| data-test-subj="entityInsightTestSubj" | |
| buttonProps={{ | |
| 'data-test-subj': 'entityInsight-accordion-button', |
| css={css` | ||
| font-weight: ${euiTheme.font.weight.bold}; | ||
| `} |
same question about the EuiTitle
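The two review suggestions above on `getMisconfigurationAggregationCount` (one `reduce` instead of three `.find` calls, and accepting `aggregations.count.buckets` directly) combined in an added example; this is not code from the PR or from Kibana. The `KeyedBuckets` type and the returned field names are assumptions, and missing buckets are counted as 0.

```typescript
// Added example, not Kibana code. Names follow the snippets quoted in the
// review; KeyedBuckets and the return shape are assumptions.
const RESULT_EVALUATION = {
  PASSED: 'passed',
  FAILED: 'failed',
  UNKNOWN: 'unknown',
} as const;

type Evaluation = (typeof RESULT_EVALUATION)[keyof typeof RESULT_EVALUATION];

// Shape of a keyed `filters` aggregation response:
// { passed: { doc_count }, failed: { doc_count }, unknown: { doc_count } }
type KeyedBuckets = Record<string, { doc_count?: number } | undefined>;

const STATUSES: Evaluation[] = [
  RESULT_EVALUATION.PASSED,
  RESULT_EVALUATION.FAILED,
  RESULT_EVALUATION.UNKNOWN,
];

// Takes the raw keyed buckets, so callers do not pre-map them with
// Object.entries, and fills every status in a single reduce.
function getMisconfigurationAggregationCount(
  buckets: KeyedBuckets | undefined
): Record<Evaluation, number> {
  return STATUSES.reduce((acc, status) => {
    // A missing bucket or missing doc_count counts as 0, never undefined/NaN.
    acc[status] = buckets?.[status]?.doc_count ?? 0;
    return acc;
  }, {} as Record<Evaluation, number>);
}

// Constructed sample response; `unknown` is the other_bucket_key bucket.
const sample: KeyedBuckets = {
  passed: { doc_count: 12 },
  failed: { doc_count: 3 },
  unknown: { doc_count: 1 },
};
console.log(getMisconfigurationAggregationCount(sample));
```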
…n' of github.com:animehart/kibana into misconfiguration-preview-refactor-phase-4-implementation
💛 Build succeeded, but was flaky
…lugin PHASE 1 (#192114)
## Summary
In an attempt to make Reviewing easier and more accurate, the implementation of Misconfiguration Data grid on Host.name flyout in Alerts Page will be split into 2 Phases
Phase 1: Move Functions, Utils or Helpers, Hooks, constants to Package
Phase 2: Implementing the feature
This is Phase 1 of the process
This PR also includes a small bug fix mentioned here #191677 (review)
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>

The previous #190105 was way too big and made it hard to review without missing any bugs or potential bugs. Thus we decided we are going to make a series of smaller PRs to make things more manageable.
We will be splitting it into 4 PRs
Phase 1: Creating empty packages for csp and csp-common
Phase 2: Move Types from CSP plugin to the Package + Deleting duplicates in the CSP plugin where possible
Phase 3: Move Functions, Utils or Helpers, Hooks to Package
Phase 4: Misconfiguration Preview feature (with Cypress test and other required test)
This is Phase 4 of the Process,