[Security Solution] Rule Updates in bulk with conflicts #196776
Conversation
| export const performUpgradeAllRules = async (): Promise<PerformRuleUpgradeResponseBody> => | ||
| KibanaServices.get().http.fetch(PERFORM_RULE_UPGRADE_URL, { | ||
| method: 'POST', | ||
| version: '1', | ||
| body: JSON.stringify({ | ||
| mode: 'ALL_RULES', | ||
| pick_version: 'TARGET', | ||
| }), | ||
| }); | ||
|
|
There was a problem hiding this comment.
Deleting this since from now onwards the frontend client will never be just sending a request to update ALL rules, since some of them might have conflicts: we want to filter those out before making the request, which is done in this PR.
API users can still send this type request, and will get detailed errors if there are conflicts.
jpdjere
added
Team:Detections and Resp
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
|
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management) |
|
Hi! I worked on this feature and it's basically done. You can take a look at the video as a demo. Only question is: I wrote the texts of the modal myself. Want to take a look at it and decide if we should involve the docs team here for input? |
jpdjere
added
the
backport:prev-minor
@jpdjere By default, we involve the Docs team for reviewing any UI copies. For their convenience, it would be great if you could please add screenshots of every copy to the PR description, and tag @joepeeples near every corresponding place in the code. |
|
Hi @jpdjere, what is the scope of this PR? I'm looking at the linked ticket requirements:
This doesn't seem to be implemented: Screen.Recording.2024-10-22.at.17.34.09.mov |
|
The implementation also doesn't match the Upgrade All button behavior:
All rules are being upgraded, regardless of conflicts. Screen.Recording.2024-10-22.at.17.41.32.movThe page also crashes in the end. |
|
@xcrzx Are you sure you pulled the right branch and pulled the latest changes? Everything you mentioned above is what I implemented; see the video that I posted in the PR description above. Also, since the PR changes the default pick_version in the request payload from |
There was a problem hiding this comment.
Tested the PR locally with both rule customization enabled and disabled, using both UI and API calls. No issues found apart from minor usability concerns. Posting suggestions mostly on code structure and organisation, separation of concerns.
Also, the PR implements the rule upgrade path for rules without conflicts. What is the plan for conflict resolution?
The initial issue contains the following:
Reviewing Conflicts:
Rules that contain conflicts, including those with solvable conflicts, must be reviewed before they can be upgraded. Users need to open the upgrade preview, review the proposed changes, and then decide whether to accept or decline the changes.
Currently, it's not possible to accept or decline the changes. Is this going to be implemented separately?
Additionally, the PR doesn't contain any tests. What is the plan for covering the introduced functionality with tests?
| @@ -67,3 +90,7 @@ export const UpgradePrebuiltRulesTableButtons = ({ | |||
| </EuiFlexGroup> | |||
| ); | |||
| }; | |||
|
|
|||
| function isAllRuleHaveConflicts(rules: Array<{ diff: { num_fields_with_conflicts: number } }>) { | |||
There was a problem hiding this comment.
A slightly more grammatically correct name for the function could be:
| function isAllRuleHaveConflicts(rules: Array<{ diff: { num_fields_with_conflicts: number } }>) { | |
| function doAllRulesHaveConflicts(rules: Array<{ diff: { num_fields_with_conflicts: number } }>) { |
| const isAllSelectedRulesHaveConflicts = | ||
| isPrebuiltRulesCustomizationEnabled && isAllRuleHaveConflicts(selectedRules); | ||
| const isAllRulesHaveConflicts = | ||
| isPrebuiltRulesCustomizationEnabled && isAllRuleHaveConflicts(ruleUpgradeInfos); |
There was a problem hiding this comment.
And here:
isAllSelectedRulesHaveConflicts→doAllSelectedRulesHaveConflictsisAllRulesHaveConflicts→doAllRulesHaveConflicts
...curity_solution/public/detections/components/modals/upgrade_conflicts_modal/translations.tsx
Outdated
Show resolved
Hide resolved
...gins/security_solution/public/detections/components/modals/upgrade_conflicts_modal/index.tsx
Outdated
Show resolved
Hide resolved
| /** | ||
| * Rule upgrade state (all rules available for upgrade) | ||
| */ | ||
| ruleUpgradeInfos: RuleUpgradeInfoForReview[]; | ||
| /** | ||
| * Rule upgrade state after applying `filterOptions` | ||
| */ |
There was a problem hiding this comment.
We can improve naming here for more clarity:
ruleUpgradeInfos -> allUpgradeableRules
rulesUpgradeState -> filteredUpgradeableRules
There was a problem hiding this comment.
Not directly related to this PR, but the rulesUpgradeState seems to contain not only the currently filtered rules but also some additional state, such as final rule versions. Mixing these two states together feels like poor design, but perhaps I'm missing some context here. I'd be happy to discuss the state composition in more detail, let's sync up on that.
There was a problem hiding this comment.
Hey @xcrzx,
do you still have concerns regarding rulesUpgradeState type and would like to discuss that?
There was a problem hiding this comment.
Yes, let's sync on this. I'll send an invite
...components/rules_table/upgrade_prebuilt_rules_table/upgrade_prebuilt_rules_table_context.tsx
Outdated
Show resolved
Hide resolved
| const getRulesWithConflicts = useCallback( | ||
| (ruleIds?: RuleSignatureId[]) => { | ||
| // If no rules are selected (update all rules case), then check all rules | ||
| const rulesSelectedForUpgrade = ruleIds ?? Object.keys(rulesUpgradeState); | ||
| const rulesToUpgrade = rulesSelectedForUpgrade.map((ruleId) => rulesUpgradeState[ruleId]); |
There was a problem hiding this comment.
We need to handle a situation where ruleId is not found in rulesUpgradeState. Let's at least add an invariant, something like:
const rule = rulesUpgradeState[ruleId];
invariant(rule, `Rule with ID ${ruleId} not found in rulesUpgradeState`);This way, we get an easily recognizable error message instead of cannot read property xxx of undefined later on.
There was a problem hiding this comment.
Added exception handling and toast in the UI:
| // Prepare payload for upgrade with rules with no conflicts | ||
| const ruleIdsWithConflicts = rulesWithConflicts.map((rule) => rule.rule_id); | ||
| const rulesToUpgradeWithNoConflicts = isPrebuiltRulesCustomizationEnabled | ||
| ? rulesToUpgrade.filter((rule) => !ruleIdsWithConflicts.includes(rule.rule_id)) |
There was a problem hiding this comment.
Set.has will be orders of magnitude faster for a larger number of rules than Array.includes, as it has O(1) time complexity compared to O(n) for arrays. I'd suggest using a Set for ruleIdsWithConflicts.
...curity_solution/public/detections/components/modals/upgrade_conflicts_modal/translations.tsx
Outdated
Show resolved
Hide resolved
...curity_solution/public/detections/components/modals/upgrade_conflicts_modal/translations.tsx
Outdated
Show resolved
Hide resolved
…management_ui/components/rules_table/upgrade_prebuilt_rules_table/modals/upgrade_conflicts_modal/translations.tsx Co-authored-by: Nastasha Solomon <[email protected]>
…management_ui/components/rules_table/upgrade_prebuilt_rules_table/modals/upgrade_conflicts_modal/translations.tsx Co-authored-by: Nastasha Solomon <[email protected]>
…management_ui/components/rules_table/upgrade_prebuilt_rules_table/translations.ts Co-authored-by: Nastasha Solomon <[email protected]>
…tion_engine/rules/translations.ts Co-authored-by: Nastasha Solomon <[email protected]>
…management_ui/components/rules_table/upgrade_prebuilt_rules_table/translations.ts Co-authored-by: Nastasha Solomon <[email protected]>
xcrzx
force-pushed
the
bulk-upgrade-rules-changes
branch
from
fc534b2
to
f360a7d
Compare
xcrzx
added
backport:version
|
Starting backport for target branches: 8.x https://github.com/elastic/kibana/actions/runs/11778555159 |
💚 Build Succeeded
Metrics [docs]Module Count
Async chunks
History
cc @jpdjere |
💔 All backports failed
Manual backportTo create the backport manually run: Questions ?Please refer to the Backport tool documentation |
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
Resolves: elastic#180589 ## Summary - Handles bulk updating of rules with conflicts in the Rule Upgrades table. See detailed requirements implemented in ticket linked above. - Changes default `pick_version` of both the `/upgrade/_perform` endpoint, and of the request payloads for that endpoint from the frontend, from `TARGET` to `MERGED`, when the `isPrebuiltRulesCustomizationEnabled` is `true`. - **Also:** handles issue in `/upgrade/_perform` endpoint with the `index` and `data_view_id` fields. See file: `x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_upgrade/diffable_rule_fields_mappings.ts`. **See demo video:** https://www.loom.com/share/90d94d2a8f16442b9a43a425eeab6697 **New copy in warning modal** <img width="1660" alt="image" src="https://github.com/user-attachments/assets/85632192-142a-4e12-b396-1eb2320ca3f4"> **Newly added tooltips:**    ### Checklist Delete any items that are not applicable to this PR. - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/)) ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels) - [ ] This will appear in the **Release Notes** and follow the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) --------- Co-authored-by: Nastasha Solomon <[email protected]> Co-authored-by: Dmitrii <[email protected]> (cherry picked from commit 99160f5) # Conflicts: # .github/CODEOWNERS
… (#199649) # Backport This will backport the following commits from `main` to `8.x`: - [[Security Solution] Rule Updates in bulk with conflicts (#196776)](#196776) <!--- Backport version: 8.9.8 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Juan Pablo Djeredjian","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-11-11T12:29:21Z","message":"[Security Solution] Rule Updates in bulk with conflicts (#196776)\n\nResolves: https://github.com/elastic/kibana/issues/180589\r\n\r\n## Summary\r\n\r\n- Handles bulk updating of rules with conflicts in the Rule Upgrades\r\ntable. See detailed requirements implemented in ticket linked above.\r\n- Changes default `pick_version` of both the `/upgrade/_perform`\r\nendpoint, and of the request payloads for that endpoint from the\r\nfrontend, from `TARGET` to `MERGED`, when the\r\n`isPrebuiltRulesCustomizationEnabled` is `true`.\r\n- **Also:** handles issue in `/upgrade/_perform` endpoint with the\r\n`index` and `data_view_id` fields. See file:\r\n`x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_upgrade/diffable_rule_fields_mappings.ts`.\r\n\r\n**See demo video:**\r\nhttps://www.loom.com/share/90d94d2a8f16442b9a43a425eeab6697\r\n\r\n**New copy in warning modal**\r\n<img width=\"1660\" alt=\"image\"\r\nsrc=\"https://github.com/user-attachments/assets/85632192-142a-4e12-b396-1eb2320ca3f4\">\r\n\r\n**Newly added tooltips:** \r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [ ] Any text added follows [EUI's writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\r\nsentence case text and includes [i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n- [ ]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas added for features that require explanation or tutorials\r\n- [ ] Any UI touched in this PR is usable by keyboard only (learn more\r\nabout [keyboard accessibility](https://webaim.org/techniques/keyboard/))\r\n\r\n### For maintainers\r\n\r\n- [ ] This was checked for breaking API changes and was [labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels)\r\n- [ ] This will appear in the **Release Notes** and follow the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n---------\r\n\r\nCo-authored-by: Nastasha Solomon <[email protected]>\r\nCo-authored-by: Dmitrii <[email protected]>","sha":"99160f52d6a2e0ad4698ca8e5ac40316ebb733c9","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","ui-copy","Feature:Prebuilt Detection Rules","backport:version","v8.17.0"],"number":196776,"url":"https://github.com/elastic/kibana/pull/196776","mergeCommit":{"message":"[Security Solution] Rule Updates in bulk with conflicts (#196776)\n\nResolves: https://github.com/elastic/kibana/issues/180589\r\n\r\n## Summary\r\n\r\n- Handles bulk updating of rules with conflicts in the Rule Upgrades\r\ntable. See detailed requirements implemented in ticket linked above.\r\n- Changes default `pick_version` of both the `/upgrade/_perform`\r\nendpoint, and of the request payloads for that endpoint from the\r\nfrontend, from `TARGET` to `MERGED`, when the\r\n`isPrebuiltRulesCustomizationEnabled` is `true`.\r\n- **Also:** handles issue in `/upgrade/_perform` endpoint with the\r\n`index` and `data_view_id` fields. See file:\r\n`x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_upgrade/diffable_rule_fields_mappings.ts`.\r\n\r\n**See demo video:**\r\nhttps://www.loom.com/share/90d94d2a8f16442b9a43a425eeab6697\r\n\r\n**New copy in warning modal**\r\n<img width=\"1660\" alt=\"image\"\r\nsrc=\"https://github.com/user-attachments/assets/85632192-142a-4e12-b396-1eb2320ca3f4\">\r\n\r\n**Newly added tooltips:** \r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [ ] Any text added follows [EUI's writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\r\nsentence case text and includes [i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n- [ ]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas added for features that require explanation or tutorials\r\n- [ ] Any UI touched in this PR is usable by keyboard only (learn more\r\nabout [keyboard accessibility](https://webaim.org/techniques/keyboard/))\r\n\r\n### For maintainers\r\n\r\n- [ ] This was checked for breaking API changes and was [labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels)\r\n- [ ] This will appear in the **Release Notes** and follow the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n---------\r\n\r\nCo-authored-by: Nastasha Solomon <[email protected]>\r\nCo-authored-by: Dmitrii <[email protected]>","sha":"99160f52d6a2e0ad4698ca8e5ac40316ebb733c9"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","labelRegex":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/196776","number":196776,"mergeCommit":{"message":"[Security Solution] Rule Updates in bulk with conflicts (#196776)\n\nResolves: https://github.com/elastic/kibana/issues/180589\r\n\r\n## Summary\r\n\r\n- Handles bulk updating of rules with conflicts in the Rule Upgrades\r\ntable. See detailed requirements implemented in ticket linked above.\r\n- Changes default `pick_version` of both the `/upgrade/_perform`\r\nendpoint, and of the request payloads for that endpoint from the\r\nfrontend, from `TARGET` to `MERGED`, when the\r\n`isPrebuiltRulesCustomizationEnabled` is `true`.\r\n- **Also:** handles issue in `/upgrade/_perform` endpoint with the\r\n`index` and `data_view_id` fields. See file:\r\n`x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_upgrade/diffable_rule_fields_mappings.ts`.\r\n\r\n**See demo video:**\r\nhttps://www.loom.com/share/90d94d2a8f16442b9a43a425eeab6697\r\n\r\n**New copy in warning modal**\r\n<img width=\"1660\" alt=\"image\"\r\nsrc=\"https://github.com/user-attachments/assets/85632192-142a-4e12-b396-1eb2320ca3f4\">\r\n\r\n**Newly added tooltips:** \r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [ ] Any text added follows [EUI's writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\r\nsentence case text and includes [i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n- [ ]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas added for features that require explanation or tutorials\r\n- [ ] Any UI touched in this PR is usable by keyboard only (learn more\r\nabout [keyboard accessibility](https://webaim.org/techniques/keyboard/))\r\n\r\n### For maintainers\r\n\r\n- [ ] This was checked for breaking API changes and was [labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels)\r\n- [ ] This will appear in the **Release Notes** and follow the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n---------\r\n\r\nCo-authored-by: Nastasha Solomon <[email protected]>\r\nCo-authored-by: Dmitrii <[email protected]>","sha":"99160f52d6a2e0ad4698ca8e5ac40316ebb733c9"}},{"branch":"8.x","label":"v8.17.0","labelRegex":"^v8.17.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Juan Pablo Djeredjian <[email protected]>
Resolves: elastic#180589 ## Summary - Handles bulk updating of rules with conflicts in the Rule Upgrades table. See detailed requirements implemented in ticket linked above. - Changes default `pick_version` of both the `/upgrade/_perform` endpoint, and of the request payloads for that endpoint from the frontend, from `TARGET` to `MERGED`, when the `isPrebuiltRulesCustomizationEnabled` is `true`. - **Also:** handles issue in `/upgrade/_perform` endpoint with the `index` and `data_view_id` fields. See file: `x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_upgrade/diffable_rule_fields_mappings.ts`. **See demo video:** https://www.loom.com/share/90d94d2a8f16442b9a43a425eeab6697 **New copy in warning modal** <img width="1660" alt="image" src="https://github.com/user-attachments/assets/85632192-142a-4e12-b396-1eb2320ca3f4"> **Newly added tooltips:**    ### Checklist Delete any items that are not applicable to this PR. - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/)) ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels) - [ ] This will appear in the **Release Notes** and follow the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) --------- Co-authored-by: Nastasha Solomon <[email protected]> Co-authored-by: Dmitrii <[email protected]>
Resolves: #180589
Summary
pick_versionof both the/upgrade/_performendpoint, and of the request payloads for that endpoint from the frontend, fromTARGETtoMERGED, when theisPrebuiltRulesCustomizationEnabledistrue./upgrade/_performendpoint with theindexanddata_view_idfields. See file:x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_upgrade/diffable_rule_fields_mappings.ts.See demo video: https://www.loom.com/share/90d94d2a8f16442b9a43a425eeab6697
New copy in warning modal
Newly added tooltips:
Checklist
Delete any items that are not applicable to this PR.
For maintainers