[EDR Workflows][Device Control] Username option available only for Windows#233487
Conversation
szwarckonrad
added
release_note:skip
| ] as const, | ||
|
|
||
| /** Fields available only for Windows OS exclusively */ | ||
| WINDOWS_ONLY: [TrustedDeviceConditionEntryField.USERNAME] as const, |
There was a problem hiding this comment.
Not used, added for clarity.
There was a problem hiding this comment.
i'd suggest to use it. it can be easily used in the function below in the same style as the ALL_OS array. therefore we would have a single source of truth, because now you need to modify the array in two places
|
Pinging @elastic/security-defend-workflows (Team:Defend Workflows) |
szwarckonrad
requested review from
gergoabraham,
paul-tavares and
sdesalas
and removed request for
ashokaditya and
pzl
| ] as const, | ||
|
|
||
| /** Fields available only for Windows OS exclusively */ | ||
| WINDOWS_ONLY: [TrustedDeviceConditionEntryField.USERNAME] as const, |
There was a problem hiding this comment.
i'd suggest to use it. it can be easily used in the function below in the same style as the ALL_OS array. therefore we would have a single source of truth, because now you need to modify the array in two places
| // USERNAME field is only available for Windows-only OS selection | ||
| if (field === TrustedDeviceConditionEntryField.USERNAME) { | ||
| return osTypes.length === 1 && osTypes.includes(OperatingSystem.WINDOWS); | ||
| } | ||
|
|
||
| // All other fields are available for any OS combination |
There was a problem hiding this comment.
nit: i feel these comments are a bit redundant: if we use WINDOWS_ONLY above, and then ALL_OS here is already used, the comments are not only just taking up place without adding any additional value to an easily understandable function, but are also adding maintenance cost as they need to be updated all the time manually (copilotly?) when code changes happen.
| setHasUserSelectedOs(true); | ||
| setHasFormChanged(true); | ||
|
|
||
| // Determine if we need to reset the field due to USERNAME availability change |
There was a problem hiding this comment.
nit: again, i'd vote against this kind of comment verbosity in general - it gets easily outdated, adds maintenance cost, makes us avoid reading code because it's easier to read comments, but comments may lie.
i'm perfectly fine for adding comments when they it's sensible, because from code it is very hard to find out the whys, but otherwise, i'm all for clean code practices like using clean variable names, like you did here: shouldResetValue speaks on its own.
this is not a finding, these are just my thoughts, and please let me know yours.
denar50
left a comment
denar50
left a comment
There was a problem hiding this comment.
Code owners review only. LGTM!
There was a problem hiding this comment.
Pull Request Overview
This PR implements OS-specific field availability for trusted devices, restricting the USERNAME field to Windows-only OS selection while allowing other fields for all OS combinations. The changes ensure proper validation both on the frontend (form) and backend (server validation) with comprehensive test coverage.
- Dynamic field filtering in the trusted devices form based on OS selection
- Server-side validation to enforce USERNAME field restriction to Windows-only OS
- Comprehensive test coverage for both form behavior and API validation scenarios
Reviewed Changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| trusted_devices.ts | Added API integration tests validating USERNAME field OS restrictions |
| trusted_device_validator.ts | Added server-side validation for OS-specific field availability |
| form.tsx | Implemented dynamic field filtering and automatic field reset logic |
| form.test.tsx | Updated unit tests to cover OS-based field availability scenarios |
| artifacts.ts | Fixed selector specificity for OS option selection |
| artifacts_page.ts | Updated test data to use HOST field instead of USERNAME for compatibility |
| trusted_devices.cy.ts | Updated Cypress tests to reflect USERNAME field Windows-only restriction |
| exceptions_list_item_generator.ts | Changed default field from USERNAME to HOST for broader OS compatibility |
| index.ts | Added utility function and constants for OS-specific field availability |
| index.test.ts | Added comprehensive unit tests for the new field availability utility |
...y/plugins/security_solution/public/management/pages/trusted_devices/view/components/form.tsx
Show resolved
Hide resolved
💚 Build Succeeded
Metrics [docs]Public APIs missing comments
Async chunks
Saved Objects .kibana field count
History
|
…ndows (elastic#233487) Updated trusted devices form to only allow the username field when Windows OS is selected exclusively. The field is now hidden for Mac only or Windows+Mac combinations, with automatic field reset when OS changes. Changes - Frontend: Dynamic field filtering in trusted devices form with automatic reset logic - Backend: Server-side validation to enforce username + Windows-only restriction - Shared utilities: Added isTrustedDeviceFieldAvailableForOs() function and OS field availability constants - Tests: Updated form unit tests and added comprehensive API integration tests - Test data: Fixed generators to avoid invalid username + non-Windows combinations https://github.com/user-attachments/assets/fcec7391-dd02-4b35-bef9-758815164901 --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
…ndows (elastic#233487) Updated trusted devices form to only allow the username field when Windows OS is selected exclusively. The field is now hidden for Mac only or Windows+Mac combinations, with automatic field reset when OS changes. Changes - Frontend: Dynamic field filtering in trusted devices form with automatic reset logic - Backend: Server-side validation to enforce username + Windows-only restriction - Shared utilities: Added isTrustedDeviceFieldAvailableForOs() function and OS field availability constants - Tests: Updated form unit tests and added comprehensive API integration tests - Test data: Fixed generators to avoid invalid username + non-Windows combinations https://github.com/user-attachments/assets/fcec7391-dd02-4b35-bef9-758815164901 --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
…ndows (elastic#233487) Updated trusted devices form to only allow the username field when Windows OS is selected exclusively. The field is now hidden for Mac only or Windows+Mac combinations, with automatic field reset when OS changes. Changes - Frontend: Dynamic field filtering in trusted devices form with automatic reset logic - Backend: Server-side validation to enforce username + Windows-only restriction - Shared utilities: Added isTrustedDeviceFieldAvailableForOs() function and OS field availability constants - Tests: Updated form unit tests and added comprehensive API integration tests - Test data: Fixed generators to avoid invalid username + non-Windows combinations https://github.com/user-attachments/assets/fcec7391-dd02-4b35-bef9-758815164901 --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Updated trusted devices form to only allow the username field when Windows OS is selected exclusively. The field is now hidden for Mac only or Windows+Mac combinations, with automatic field reset when OS changes.
Changes
Screen.Recording.2025-09-01.at.11.14.19.mov