[Security Solution][Detections] - Fix query preview bugs + tests

[yctercero]

Summary

Fixes the following in the rule query preview feature:

• toasters were previously just showing an error message, not the details. Updated to use addError so now user can click to view details
• disables eql query preview button while request is loading
• moved to use existing search strategy pattern, this resolved the react memory leak error encountered when moving away from page before preview resolved
• removes super descriptive someAriaId
• adds tests 🎺 🎉

Checklist

• Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n support
• Documentation was added for features that require explanation or tutorials
• Unit or functional tests were updated or added to match the most common scenarios
• Any UI touched in this PR is usable by keyboard only (learn more about keyboard accessibility)
• Any UI touched in this PR does not create any new axe failures (run axe in browser: FF, Chrome)
• This renders correctly on smaller devices using a responsive layout. (You can test this in your browser)
• This was checked for cross-browser compatibility

[yctercero]

@XavierM please let me know if this is what you were thinking.

[XavierM]

Yes but the const bucketEmpty need to go on line 34 ;)

[yctercero]

@patrykkopycinski @angorayc @XavierM Is this change here ok? addDanger only shows an error message, while addError allows the user to click to view full error details.

[XavierM]

we might need to change it everywhere for consistency, but we can take care of that. Thank you!

[yctercero]

There's an existing bug with warnings, working on the fix in a separate PR to keep these small-ish.

[yctercero]

@patrykkopycinski I was able to test this hook more thoroughly, and was going to do the same for useMatrixHistogram but required one small change of first declaring the variable let subscription$ and then assigning it. Otherwise, the tests failed saying the variable was unreachable. If this seems like an ok change, happy to add similar tests to useMatrixHistogram.

[madirey]

👍

[rylnd]

Looking good so far! Just a few minor things. Big remaining one is the syncing of validity to the preview button; I hit that a bunch in testing this.

[rylnd]

This seems a bit strange to me. Is one of the comparisons meant to be a type check? If they're both numbers I think the latter check should be sufficient

[rylnd]

I'm not sure if it's the implementation here or something else, but I see a behavioral difference between the EQL preview loading and the other query previews loading. With EQL it does not populate the histogram with the loader:

[yctercero]

Yea, I wanted to try to keep the PRs smallish - so I focused on fixing the bugs/tests with the api here and have a sequel "preview_buggies_2" that addresses these issues (#80110). I promise it's a really good sequel 😄

It currently includes the changes from this PR, but if you check out the last 2 commits you can see the new changes.

[yctercero]

Had been trying to have smaller PRs, but going to just address the comments from here in this new PR that tackles all known bugs at once - #80110

[kibanamachine]

💚 Build Succeeded

• continuous-integration/kibana-ci/pull-request
• Commit: 552b41f

Metrics [docs]

async chunks size

id	before	after	diff
securitySolution	10.6MB	10.6MB	+3.8KB

page load bundle size

id	before	after	diff
securitySolution	593.2KB	600.5KB	+7.2KB

History

• 💚 Build #80634 succeeded 32d5421247ea2e509b4950219f1e024b0bfecc10

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream