Skip to content

Rename Resolver types to include 'Resolver' #69926

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
oatkiller merged 1 commit into from
Jun 25, 2020
Merged

Rename Resolver types to include 'Resolver' #69926

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions x-pack/plugins/security_solution/common/endpoint/types.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,7 @@ export interface ResolverNodeStats {
/**
* A child node can also have additional children so we need to provide a pagination cursor.
*/
export interface ChildNode extends LifecycleNode {
export interface ResolverChildNode extends ResolverLifecycleNode {
Copy link
Copy Markdown
Contributor

@bkimmel bkimmel Jun 25, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

❔ I've been trying to stop saying "Resolver" as much in favor of "GTV", I know they are changing the name for this officially, so it might be worth asking when we stop calling it that in our code? I'm not suggesting "right here, right now" just want to flag the issue.

Copy link
Copy Markdown
Contributor Author

@oatkiller oatkiller Jun 25, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Few thoughts here:

  1. I think that naming a project too early can be dangerous. If the scope and definition of a project is complete (won't change ever again), then naming it in a way that describes what it does is fine. But if you rename something like Resolver to 'Graphical Timeline', then people start thinking 'oh we should do A because this is a graphical timeline', or 'we shouldn't do b, because that doesn't fit the description of a graphical timeline.' Resolver isn't mature and its definition is going to be changing every release.
  2. I'm hoping that this project isn't always specific to Security Solution. 'Graphical Timeline' is a branding term for a specific feature in Security Solution. That feature uses Resolver, but Resolver might be used elsewhere for other things. In other words, I'm thinking of Resolver as the mapping/graphing technology.
  3. If the term Graphical Timeline sticks around long enough that there becomes confusion, then we should reconsider the name of the project. I'm in a meeting right now and I've heard 'Resolver' said many times.
  4. Graphical Timeline is an awkward name for a code project. Having a generic and vague name might be good for branding, but it would probably be confusing in our code base. For one thing, Resolver is entirely unrelated to Timeline, which is also a project in Security Solution.

/**
* A child node's pagination cursor can be null for a couple reasons:
* 1. At the time of querying it could have no children in ES, in which case it will be marked as
Expand All @@ -89,7 +89,7 @@ export interface ChildNode extends LifecycleNode {
* has an array of lifecycle events.
*/
export interface ResolverChildren {
childNodes: ChildNode[];
childNodes: ResolverChildNode[];
/**
* This is the children cursor for the origin of a tree.
*/
Expand All @@ -116,7 +116,7 @@ export interface ResolverTree {
/**
* The lifecycle events (start, end etc) for a node.
*/
export interface LifecycleNode {
export interface ResolverLifecycleNode {
entityID: string;
lifecycle: ResolverEvent[];
/**
Expand All @@ -132,7 +132,7 @@ export interface ResolverAncestry {
/**
* An array of ancestors with the lifecycle events grouped together
*/
ancestors: LifecycleNode[];
ancestors: ResolverLifecycleNode[];
/**
* A cursor for retrieving additional ancestors for a particular node. `null` indicates that there were no additional
* ancestors when the request returned. More could have been ingested by ES after the fact though.
Expand Down
6 changes: 3 additions & 3 deletions x-pack/plugins/security_solution/public/resolver/store/middleware.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ import {
ResolverEvent,
ResolverChildren,
ResolverAncestry,
LifecycleNode,
ResolverLifecycleNode,
ResolverNodeStats,
ResolverRelatedEvents,
} from '../../../common/endpoint/types';
Expand All @@ -25,10 +25,10 @@ type MiddlewareFactory<S = ResolverState> = (
) => (next: Dispatch<ResolverAction>) => (action: ResolverAction) => unknown;

function getLifecycleEventsAndStats(
nodes: LifecycleNode[],
nodes: ResolverLifecycleNode[],
stats: Map<string, ResolverNodeStats>
): ResolverEvent[] {
return nodes.reduce((flattenedEvents: ResolverEvent[], currentNode: LifecycleNode) => {
return nodes.reduce((flattenedEvents: ResolverEvent[], currentNode: ResolverLifecycleNode) => {
if (currentNode.lifecycle && currentNode.lifecycle.length > 0) {
flattenedEvents.push(...currentNode.lifecycle);
}
Expand Down
10 changes: 7 additions & 3 deletions x-pack/plugins/security_solution/server/endpoint/routes/resolver/utils/children_helper.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,15 +9,19 @@ import {
parentEntityId,
isProcessStart,
} from '../../../../../common/endpoint/models/event';
import { ChildNode, ResolverEvent, ResolverChildren } from '../../../../../common/endpoint/types';
import {
ResolverChildNode,
ResolverEvent,
ResolverChildren,
} from '../../../../../common/endpoint/types';
import { PaginationBuilder } from './pagination';
import { createChild } from './node';

/**
* This class helps construct the children structure when building a resolver tree.
*/
export class ChildrenNodesHelper {
private readonly cache: Map<string, ChildNode> = new Map();
private readonly cache: Map<string, ResolverChildNode> = new Map();

constructor(private readonly rootID: string) {
this.cache.set(rootID, createChild(rootID));
Expand All @@ -27,7 +31,7 @@ export class ChildrenNodesHelper {
* Constructs a ResolverChildren response based on the children that were previously add.
*/
getNodes(): ResolverChildren {
const cacheCopy: Map<string, ChildNode> = new Map(this.cache);
const cacheCopy: Map<string, ResolverChildNode> = new Map(this.cache);
const rootNode = cacheCopy.get(this.rootID);
let rootNextChild = null;

Expand Down
6 changes: 3 additions & 3 deletions x-pack/plugins/security_solution/server/endpoint/routes/resolver/utils/fetch.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ import {
ResolverRelatedEvents,
ResolverAncestry,
ResolverRelatedAlerts,
LifecycleNode,
ResolverLifecycleNode,
ResolverEvent,
} from '../../../../../common/endpoint/types';
import {
Expand Down Expand Up @@ -143,7 +143,7 @@ export class Fetcher {
return tree;
}

private async getNode(entityID: string): Promise<LifecycleNode | undefined> {
private async getNode(entityID: string): Promise<ResolverLifecycleNode | undefined> {
const query = new LifecycleQuery(this.eventsIndexPattern, this.endpointID);
const results = await query.search(this.client, entityID);
if (results.length === 0) {
Expand Down Expand Up @@ -186,7 +186,7 @@ export class Fetcher {

// bucket the start and end events together for a single node
const ancestryNodes = results.reduce(
(nodes: Map<string, LifecycleNode>, ancestorEvent: ResolverEvent) => {
(nodes: Map<string, ResolverLifecycleNode>, ancestorEvent: ResolverEvent) => {
const nodeId = entityId(ancestorEvent);
let node = nodes.get(nodeId);
if (!node) {
Expand Down
11 changes: 7 additions & 4 deletions x-pack/plugins/security_solution/server/endpoint/routes/resolver/utils/node.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,10 +7,10 @@
import {
ResolverEvent,
ResolverAncestry,
LifecycleNode,
ResolverLifecycleNode,
ResolverRelatedEvents,
ResolverTree,
ChildNode,
ResolverChildNode,
ResolverRelatedAlerts,
} from '../../../../../common/endpoint/types';

Expand Down Expand Up @@ -49,7 +49,7 @@ export function createRelatedAlerts(
*
* @param entityID the entity_id of the child
*/
export function createChild(entityID: string): ChildNode {
export function createChild(entityID: string): ResolverChildNode {
const lifecycle = createLifecycle(entityID, []);
return {
...lifecycle,
Expand All @@ -70,7 +70,10 @@ export function createAncestry(): ResolverAncestry {
* @param id the entity_id that these lifecycle nodes should have
* @param lifecycle an array of lifecycle events
*/
export function createLifecycle(entityID: string, lifecycle: ResolverEvent[]): LifecycleNode {
export function createLifecycle(
entityID: string,
lifecycle: ResolverEvent[]
): ResolverLifecycleNode {
return { entityID, lifecycle };
}

Expand Down
18 changes: 11 additions & 7 deletions x-pack/test/api_integration/apis/endpoint/resolver.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,8 @@
import _ from 'lodash';
import expect from '@kbn/expect';
import {
ChildNode,
LifecycleNode,
ResolverChildNode,
ResolverLifecycleNode,
ResolverAncestry,
ResolverEvent,
ResolverRelatedEvents,
Expand Down Expand Up @@ -35,7 +35,7 @@ import { Options, GeneratedTrees } from '../../services/resolver';
* @param node a lifecycle node containing the start and end events for a node
* @param nodeMap a map of entity_ids to nodes to look for the passed in `node`
*/
const expectLifecycleNodeInMap = (node: LifecycleNode, nodeMap: Map<string, TreeNode>) => {
const expectLifecycleNodeInMap = (node: ResolverLifecycleNode, nodeMap: Map<string, TreeNode>) => {
const genNode = nodeMap.get(node.entityID);
expect(genNode).to.be.ok();
compareArrays(genNode!.lifecycle, node.lifecycle, true);
Expand All @@ -49,7 +49,11 @@ const expectLifecycleNodeInMap = (node: LifecycleNode, nodeMap: Map<string, Tree
* @param verifyLastParent a boolean indicating whether to check the last ancestor. If the ancestors array intentionally
* does not contain all the ancestors, the last one will not have the parent
*/
const verifyAncestry = (ancestors: LifecycleNode[], tree: Tree, verifyLastParent: boolean) => {
const verifyAncestry = (
ancestors: ResolverLifecycleNode[],
tree: Tree,
verifyLastParent: boolean
) => {
// group the ancestors by their entity_id mapped to a lifecycle node
const groupedAncestors = _.groupBy(ancestors, (ancestor) => ancestor.entityID);
// group by parent entity_id
Expand Down Expand Up @@ -97,7 +101,7 @@ const verifyAncestry = (ancestors: LifecycleNode[], tree: Tree, verifyLastParent
*
* @param ancestors an array of ancestor nodes
*/
const retrieveDistantAncestor = (ancestors: LifecycleNode[]) => {
const retrieveDistantAncestor = (ancestors: ResolverLifecycleNode[]) => {
// group the ancestors by their entity_id mapped to a lifecycle node
const groupedAncestors = _.groupBy(ancestors, (ancestor) => ancestor.entityID);
let node = ancestors[0];
Expand All @@ -124,7 +128,7 @@ const retrieveDistantAncestor = (ancestors: LifecycleNode[]) => {
* @param childrenPerParent an optional number to compare that there are a certain number of children for each parent
*/
const verifyChildren = (
children: ChildNode[],
children: ResolverChildNode[],
tree: Tree,
numberOfParents?: number,
childrenPerParent?: number
Expand Down Expand Up @@ -210,7 +214,7 @@ const verifyStats = (
* @param categories the related event info used when generating the resolver tree
*/
const verifyLifecycleStats = (
nodes: LifecycleNode[],
nodes: ResolverLifecycleNode[],
categories: RelatedEventInfo[],
relatedAlerts: number
) => {
Expand Down