-
Notifications
You must be signed in to change notification settings - Fork 8.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security Solution] One Discover - Enable Security Solution Expandable Flyout in One Discover entities #189633
Conversation
/ci |
Pinging @elastic/security-threat-hunting-investigations (Team:Threat Hunting:Investigations) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Defend Workflows code review LGTM 👍
Thanks!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
GenAI team code changes LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for getting things started on the Discover Security profile! The Data Discovery changes look great, just one comment to address about making sure the profile isn't enabled by Default in Discover yet, then it'll be good to approve on my end.
One request is that when we make the switch to actually enable the Security profile by default, we should have sufficient unit and functional tests in place for the profile, but I don't see that as necessary for this PR since it's still experimental for now.
@@ -88,7 +89,7 @@ const extractProfileIds = (providers: Array<BaseProfileProvider<{}>>) => | |||
providers.map(({ profileId }) => profileId); | |||
|
|||
const createRootProfileProviders = (_providerServices: ProfileProviderServices) => | |||
[] as RootProfileProvider[]; | |||
[createSecurityRootProfileProvider(_providerServices)] as RootProfileProvider[]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Adding createSecurityRootProfileProvider
here means it will be enabled by default in Discover instead of using discover.experimental.enabledProfiles: ['security-root-profile']
. I would recommend creating a separate createExperimentalRootProfileProviders
function or similar to register this for now, but not adding the IDs to enabledProfileIds
by default.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@davismcphee , do you think it make sense, if I add isEnabled
flag to profiles.
This way, experimental profiles will always have isEnabled
as No
and it can be overidden by discover.experimental.enabledProfiles
.
Additionally, with that we do not have to maintain seperate enabledProfiles
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have add the proposed solution here : 91a699c. See if this makes sense as it takes the responisbility of enabling profile providers outside of register_profile_services
and profile providers can decide if profile should be enabled or not.
If not, i will be happy to revert.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice, I like this approach better! My only suggestion is rather than using an isEnabled
flag that every profile needs to add, what if we go with something like an optional isExperimental
flag to explicitly mark only the experimental profiles?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Works for me. Done changes here: 0739ef2.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Creating a security
subfolder for security-specific profiles seems like a good pattern to me, and we can do similar for other solutions 👍 Do you think we should update CODEOWNERS
to specify both Data Discovery and Security as owners of src/plugins/discover/public/context_awareness/profile_providers/security
so both teams get pinged on PRs?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added here: e7ed9df.
I have also added the code ownership of packages/kbn-unified-data-table
to @elastic/security-threat-hunting-investigations so that we are aware of the changes done to the table.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great, thanks. And we open a lot of PRs that touch Unified Data Table, but I think it should be fine to add so you can be aware of changes and have a chance to raise concerns if they affect your usage. Unfortunately it looks like CI reverted the CODEOWNERS changes: bff6cec. I think we may need to update packages/kbn-unified-data-table/kibana.jsonc
for Unified Data Table and add the override for the security
subfolder below the autogenerated section of CODEOWNERS with the other Data Discovery ones.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
And we open a lot of PRs that touch Unified Data Table, but I think it should be fine to add so you can be aware of changes
Exactly, we are trying to add as many tests so that we are aware of the changes but it is easy to miss. And as you mentioned the speed of dev is very high, for some time we would like to be apprised for changes going in.
I think we may need to update packages/kbn-unified-data-table/kibana.jsonc for Unified Data Table and add the override for the security subfolder below the autogenerated section of CODEOWNERS with the other Data Discovery ones.
Yes, TIL about this. Done here 7ed0376
@davismcphee. I 100% agree with this statement. So far I have tried to cover the current partial code with unit tests.. Functional test will come when Flyout is fully implemented. If you think unit test are missing, feel free to point out. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The latest changes look good! Just a bit of minor feedback and looks like there's a few test failures to look into, but otherwise looks good on my end.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great, thanks. And we open a lot of PRs that touch Unified Data Table, but I think it should be fine to add so you can be aware of changes and have a chance to raise concerns if they affect your usage. Unfortunately it looks like CI reverted the CODEOWNERS changes: bff6cec. I think we may need to update packages/kbn-unified-data-table/kibana.jsonc
for Unified Data Table and add the override for the security
subfolder below the autogenerated section of CODEOWNERS with the other Data Discovery ones.
const enabledRootProfileProviders = rootProfileProviders.filter( | ||
({ isEnabled = true, profileId }) => isEnabled || experimentalProfileIds.includes(profileId) | ||
); | ||
|
||
const enabledDataSourceProfileProviders = dataSourceProfileProviders.filter( | ||
({ isEnabled = true, profileId }) => isEnabled || experimentalProfileIds.includes(profileId) | ||
); | ||
|
||
const enabledDocumentProfileProviders = documentProfileProviders.filter( | ||
({ isEnabled = true, profileId }) => isEnabled || experimentalProfileIds.includes(profileId) | ||
); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe we could add this filtering logic directly to registerProfileProvidersInternal
instead and pass down experimentalProfileIds
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done here: 0739ef2
}); | ||
const context = await rootProfileServiceMock.resolve({ solutionNavId: null }); | ||
expect(rootProfileServiceMock.getProfile(context)).toBe(rootProfileProviderMock.profile); | ||
}); | ||
|
||
it('should not register disabled profile providers', async () => { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If we move the filtering logic to registerProfileProvidersInternal
, we should be able to restore an updated version of this test.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done in the same commit as mentioned above.
[ | ||
exampleRootProfileProvider, | ||
createSecurityRootProfileProvider(_providerServices), | ||
] as RootProfileProvider[]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
] as RootProfileProvider[]; | |
]; |
Nit: I think we can drop the cast now that we have entries in the array.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍 . Great catch. Done in the same commit as above.
@@ -88,7 +89,7 @@ const extractProfileIds = (providers: Array<BaseProfileProvider<{}>>) => | |||
providers.map(({ profileId }) => profileId); | |||
|
|||
const createRootProfileProviders = (_providerServices: ProfileProviderServices) => | |||
[] as RootProfileProvider[]; | |||
[createSecurityRootProfileProvider(_providerServices)] as RootProfileProvider[]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice, I like this approach better! My only suggestion is rather than using an isEnabled
flag that every profile needs to add, what if we go with something like an optional isExperimental
flag to explicitly mark only the experimental profiles?
💚 Build Succeeded
Metrics [docs]Module Count
Public APIs missing comments
Async chunks
Public APIs missing exports
Page load bundle
Unknown metric groupsAPI count
History
To update your PR or re-run it, just comment with: cc @logeekal |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Data Discovery changes LGTM 👍 Thanks for helping improve profile registration!
Note
This Change is only applicable to Serverless Security Solution as of now. In follow-up PRs, support will be added to ESS as well based data-sources such as index or intergrations.
Summary
Resolves #189151
This PR is foundation for the work described in #186783. This just enables expandable flyout for entity details, which is currently only used in security solution, in discover as well.
As a part of One Discover work, we need to make sure that cell rendering in Discover should behave exactly like it does in security solution.
To enable this, a new
shared-browser
package@kbn/security-solution-common
inx-pack/packages/security-solution
has been created which can used to share components betweensecurity solution
anddiscover
. Below is the usage patternDesk Testing Guide.
kibana.yml
Load Some data
Navigate to discover and add
host.name
as one of the column.Should open an expandable flyout as shown below.
discover_flyout.mp4
Code Review Guide
Most of the changes in the PR are code-organization. There are NO changes in security solution but only the changes to import statements.
You can focus regarding the changes in below packages: