[Security Solution] One Discover - Enable Security Solution Expandable Flyout in One Discover entities #189633
Conversation
logeekal
changed the title
|
/ci |
logeekal
added
release_note:skip
|
Pinging @elastic/security-threat-hunting-investigations (Team:Threat Hunting:Investigations) |
There was a problem hiding this comment.
Thanks for getting things started on the Discover Security profile! The Data Discovery changes look great, just one comment to address about making sure the profile isn't enabled by Default in Discover yet, then it'll be good to approve on my end.
One request is that when we make the switch to actually enable the Security profile by default, we should have sufficient unit and functional tests in place for the profile, but I don't see that as necessary for this PR since it's still experimental for now.
| @@ -88,7 +89,7 @@ const extractProfileIds = (providers: Array<BaseProfileProvider<{}>>) => | |||
| providers.map(({ profileId }) => profileId); | |||
|
|
|||
| const createRootProfileProviders = (_providerServices: ProfileProviderServices) => | |||
| [] as RootProfileProvider[]; | |||
| [createSecurityRootProfileProvider(_providerServices)] as RootProfileProvider[]; | |||
There was a problem hiding this comment.
Adding createSecurityRootProfileProvider here means it will be enabled by default in Discover instead of using discover.experimental.enabledProfiles: ['security-root-profile']. I would recommend creating a separate createExperimentalRootProfileProviders function or similar to register this for now, but not adding the IDs to enabledProfileIds by default.
There was a problem hiding this comment.
@davismcphee , do you think it make sense, if I add isEnabled flag to profiles.
This way, experimental profiles will always have isEnabled as No and it can be overidden by discover.experimental.enabledProfiles.
Additionally, with that we do not have to maintain seperate enabledProfiles
There was a problem hiding this comment.
I have add the proposed solution here : 91a699c. See if this makes sense as it takes the responisbility of enabling profile providers outside of register_profile_services and profile providers can decide if profile should be enabled or not.
If not, i will be happy to revert.
There was a problem hiding this comment.
Nice, I like this approach better! My only suggestion is rather than using an isEnabled flag that every profile needs to add, what if we go with something like an optional isExperimental flag to explicitly mark only the experimental profiles?
There was a problem hiding this comment.
Works for me. Done changes here: 0739ef2.
There was a problem hiding this comment.
Creating a security subfolder for security-specific profiles seems like a good pattern to me, and we can do similar for other solutions 👍 Do you think we should update CODEOWNERS to specify both Data Discovery and Security as owners of src/plugins/discover/public/context_awareness/profile_providers/security so both teams get pinged on PRs?
There was a problem hiding this comment.
Added here: e7ed9df.
I have also added the code ownership of packages/kbn-unified-data-table to @elastic/security-threat-hunting-investigations so that we are aware of the changes done to the table.
There was a problem hiding this comment.
Great, thanks. And we open a lot of PRs that touch Unified Data Table, but I think it should be fine to add so you can be aware of changes and have a chance to raise concerns if they affect your usage. Unfortunately it looks like CI reverted the CODEOWNERS changes: bff6cec. I think we may need to update packages/kbn-unified-data-table/kibana.jsonc for Unified Data Table and add the override for the security subfolder below the autogenerated section of CODEOWNERS with the other Data Discovery ones.
There was a problem hiding this comment.
And we open a lot of PRs that touch Unified Data Table, but I think it should be fine to add so you can be aware of changes
Exactly, we are trying to add as many tests so that we are aware of the changes but it is easy to miss. And as you mentioned the speed of dev is very high, for some time we would like to be apprised for changes going in.
I think we may need to update packages/kbn-unified-data-table/kibana.jsonc for Unified Data Table and add the override for the security subfolder below the autogenerated section of CODEOWNERS with the other Data Discovery ones.
Yes, TIL about this. Done here 7ed0376
@davismcphee. I 100% agree with this statement. So far I have tried to cover the current partial code with unit tests.. Functional test will come when Flyout is fully implemented. If you think unit test are missing, feel free to point out. |
There was a problem hiding this comment.
Great, thanks. And we open a lot of PRs that touch Unified Data Table, but I think it should be fine to add so you can be aware of changes and have a chance to raise concerns if they affect your usage. Unfortunately it looks like CI reverted the CODEOWNERS changes: bff6cec. I think we may need to update packages/kbn-unified-data-table/kibana.jsonc for Unified Data Table and add the override for the security subfolder below the autogenerated section of CODEOWNERS with the other Data Discovery ones.
| const enabledRootProfileProviders = rootProfileProviders.filter( | ||
| ({ isEnabled = true, profileId }) => isEnabled || experimentalProfileIds.includes(profileId) | ||
| ); | ||
|
|
||
| const enabledDataSourceProfileProviders = dataSourceProfileProviders.filter( | ||
| ({ isEnabled = true, profileId }) => isEnabled || experimentalProfileIds.includes(profileId) | ||
| ); | ||
|
|
||
| const enabledDocumentProfileProviders = documentProfileProviders.filter( | ||
| ({ isEnabled = true, profileId }) => isEnabled || experimentalProfileIds.includes(profileId) | ||
| ); |
There was a problem hiding this comment.
Maybe we could add this filtering logic directly to registerProfileProvidersInternal instead and pass down experimentalProfileIds.
There was a problem hiding this comment.
done here: 0739ef2
| }); | ||
| const context = await rootProfileServiceMock.resolve({ solutionNavId: null }); | ||
| expect(rootProfileServiceMock.getProfile(context)).toBe(rootProfileProviderMock.profile); | ||
| }); | ||
|
|
||
| it('should not register disabled profile providers', async () => { |
There was a problem hiding this comment.
If we move the filtering logic to registerProfileProvidersInternal, we should be able to restore an updated version of this test.
There was a problem hiding this comment.
Done in the same commit as mentioned above.
| [ | ||
| exampleRootProfileProvider, | ||
| createSecurityRootProfileProvider(_providerServices), | ||
| ] as RootProfileProvider[]; |
There was a problem hiding this comment.
| ] as RootProfileProvider[]; | |
| ]; |
Nit: I think we can drop the cast now that we have entries in the array.
There was a problem hiding this comment.
👍 . Great catch. Done in the same commit as above.
| @@ -88,7 +89,7 @@ const extractProfileIds = (providers: Array<BaseProfileProvider<{}>>) => | |||
| providers.map(({ profileId }) => profileId); | |||
|
|
|||
| const createRootProfileProviders = (_providerServices: ProfileProviderServices) => | |||
| [] as RootProfileProvider[]; | |||
| [createSecurityRootProfileProvider(_providerServices)] as RootProfileProvider[]; | |||
There was a problem hiding this comment.
Nice, I like this approach better! My only suggestion is rather than using an isEnabled flag that every profile needs to add, what if we go with something like an optional isExperimental flag to explicitly mark only the experimental profiles?
💚 Build Succeeded
Metrics [docs]Module Count
Public APIs missing comments
Async chunks
Public APIs missing exports
Page load bundle
Unknown metric groupsAPI count
History
To update your PR or re-run it, just comment with: cc @logeekal |
Note
This Change is only applicable to Serverless Security Solution as of now. In follow-up PRs, support will be added to ESS as well based data-sources such as index or intergrations.
Summary
Resolves #189151
This PR is foundation for the work described in #186783. This just enables expandable flyout for entity details, which is currently only used in security solution, in discover as well.
As a part of One Discover work, we need to make sure that cell rendering in Discover should behave exactly like it does in security solution.
To enable this, a new
shared-browserpackage@kbn/security-solution-commoninx-pack/packages/security-solutionhas been created which can used to share components betweensecurity solutionanddiscover. Below is the usage patternflowchart TD disc-utils[@kbn/discover-utils] --> sscommon sscommon[@kbn/security-solution-common] --> ssplugin[security_solution] sscommon[@kbn/security-solution-common] --> discover[discover] disc-utils[@kbn/discover-utils] --> discoverDesk Testing Guide.
kibana.ymlLoad Some data
Navigate to discover and add
host.nameas one of the column.Should open an expandable flyout as shown below.
discover_flyout.mp4
Code Review Guide
Most of the changes in the PR are code-organization. There are NO changes in security solution but only the changes to import statements.
You can focus regarding the changes in below packages: