[Security Solution][Detections][Tech Debt] - Move to using common io-ts types #75009
Changes from 11 commits
8548c1d
4e77ecf
9a7b05c
79ab71d
dcfb598
f713a28
6a9f432
f983e83
0b3773d
5e1fd07
6393862
3656316
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License; | ||
* you may not use this file except in compliance with the Elastic License. | ||
*/ | ||
export * from './add_prepackaged_rules_schema'; | ||
export * from './create_rules_bulk_schema'; | ||
export * from './create_rules_schema'; | ||
export * from './export_rules_schema'; | ||
export * from './find_rules_schema'; | ||
export * from './import_rules_schema'; | ||
export * from './patch_rules_bulk_schema'; | ||
export * from './patch_rules_schema'; | ||
export * from './query_rules_schema'; | ||
export * from './query_signals_index_schema'; | ||
export * from './set_signal_status_schema'; | ||
export * from './update_rules_bulk_schema'; | ||
export * from './update_rules_schema'; |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License; | ||
* you may not use this file except in compliance with the Elastic License. | ||
*/ | ||
export * from './error_schema'; | ||
export * from './find_rules_schema'; | ||
export * from './import_rules_schema'; | ||
export * from './prepackaged_rules_schema'; | ||
export * from './prepackaged_rules_status_schema'; | ||
export * from './rules_bulk_schema'; | ||
export * from './rules_schema'; | ||
export * from './type_timeline_only_schema'; |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -3,7 +3,6 @@ | |
* or more contributor license agreements. Licensed under the Elastic License; | ||
* you may not use this file except in compliance with the Elastic License. | ||
*/ | ||
|
||
import { HttpStart } from '../../../../../../../../src/core/public'; | ||
import { | ||
DETECTION_ENGINE_RULES_URL, | ||
|
@@ -13,13 +12,13 @@ import { | |
DETECTION_ENGINE_TAGS_URL, | ||
} from '../../../../../common/constants'; | ||
import { | ||
AddRulesProps, | ||
UpdateRulesProps, | ||
CreateRulesProps, | ||
DeleteRulesProps, | ||
DuplicateRulesProps, | ||
EnableRulesProps, | ||
FetchRulesProps, | ||
FetchRulesResponse, | ||
NewRule, | ||
Rule, | ||
FetchRuleProps, | ||
BasicFetchProps, | ||
|
@@ -33,32 +32,51 @@ import { | |
} from './types'; | ||
import { KibanaServices } from '../../../../common/lib/kibana'; | ||
import * as i18n from '../../../pages/detection_engine/rules/translations'; | ||
import { RulesSchema } from '../../../../../common/detection_engine/schemas/response'; | ||
|
||
/** | ||
* Add provided Rule | ||
* Create provided Rule | ||
* | ||
* @param rule to add | ||
* @param rule CreateRulesSchema to add | ||
* @param signal to cancel request | ||
* | ||
* @throws An error if response is not OK | ||
*/ | ||
export const addRule = async ({ rule, signal }: AddRulesProps): Promise<NewRule> => | ||
KibanaServices.get().http.fetch<NewRule>(DETECTION_ENGINE_RULES_URL, { | ||
method: rule.id != null ? 'PUT' : 'POST', | ||
Neither CreateRuleSchema or UpdateRuleSchema require the presence of an |
||
export const createRule = async ({ rule, signal }: CreateRulesProps): Promise<RulesSchema> => | ||
KibanaServices.get().http.fetch<RulesSchema>(DETECTION_ENGINE_RULES_URL, { | ||
method: 'POST', | ||
body: JSON.stringify(rule), | ||
signal, | ||
}); | ||
|
||
/** | ||
* Update provided Rule using PUT | ||
* | ||
* @param rule UpdateRulesSchema to be updated | ||
* @param signal to cancel request | ||
* | ||
* @throws An error if response is not OK | ||
*/ | ||
export const updateRule = async ({ rule, signal }: UpdateRulesProps): Promise<RulesSchema> => | ||
KibanaServices.get().http.fetch<RulesSchema>(DETECTION_ENGINE_RULES_URL, { | ||
method: 'PUT', | ||
body: JSON.stringify(rule), | ||
signal, | ||
}); | ||
|
||
/** | ||
* Patch provided Rule | ||
* Patch provided rule | ||
If we're going to discourage usage of patch in a certain way, we should probably limit the schema so that we can only patch the fields that we're expecting to be patched.
That's a good call. I think it's particular to the way we built the UI (need to double check that) so maybe creating a limited schema in the front end makes sense.
If I recall correctly, usage of patch was highly discouraged in general... so maybe worth discussing limiting on the backend too? Shouldn't block this PR, but if we could prevent someone from trying to use the API in ways that could be detrimental, I think that could be worthwhile.
Sorry, just circling back on this PR now. I think that's definitely a good point that we should discuss. I added it to our team discussion for next week. |
||
* NOTE: The rule edit flow does NOT use patch as it relies on the | ||
* functionality of PUT to delete field values when not provided, if | ||
* just expecting changes, use this `patchRule` | ||
* | ||
* @param ruleProperties to patch | ||
* @param signal to cancel request | ||
* | ||
* @throws An error if response is not OK | ||
*/ | ||
export const patchRule = async ({ ruleProperties, signal }: PatchRuleProps): Promise<NewRule> => | ||
KibanaServices.get().http.fetch<NewRule>(DETECTION_ENGINE_RULES_URL, { | ||
export const patchRule = async ({ ruleProperties, signal }: PatchRuleProps): Promise<RulesSchema> => | ||
KibanaServices.get().http.fetch<RulesSchema>(DETECTION_ENGINE_RULES_URL, { | ||
method: 'PATCH', | ||
body: JSON.stringify(ruleProperties), | ||
signal, | ||
|
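Review bot: The `RulesSchema` type argument on `http.fetch<RulesSchema>(…)` in `createRule`, `updateRule` and `patchRule` only asserts the response shape at compile time; nothing on the visible lines decodes the response body, so a server response that deviates from the schema would reach callers typed as a valid rule. Because these types now come from the shared io-ts schemas, the doc blocks should say so explicitly, for example `@returns the rule as returned by the server, typed as RulesSchema but not validated at runtime`, or the response should be decoded with the matching io-ts codec at this boundary. The request side has the same gap: `JSON.stringify(rule)` sends whatever the caller passes, so validation presumably rests entirely on the server route. `patchRule`'s call continues past the end of this hunk.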
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -4,36 +4,7 @@ | |
* you may not use this file except in compliance with the Elastic License. | ||
*/ | ||
|
||
import { NewRule, FetchRulesResponse, Rule } from './types'; | ||
|
||
export const ruleMock: NewRule = { | ||
Moving towards using the already created mocks next to the schema files. |
||
description: 'some desc', | ||
enabled: true, | ||
false_positives: [], | ||
filters: [], | ||
from: 'now-360s', | ||
index: [ | ||
'apm-*-transaction*', | ||
'auditbeat-*', | ||
'endgame-*', | ||
'filebeat-*', | ||
'packetbeat-*', | ||
'winlogbeat-*', | ||
], | ||
interval: '5m', | ||
rule_id: 'bbd3106e-b4b5-4d7c-a1a2-47531d6a2baf', | ||
language: 'kuery', | ||
risk_score: 75, | ||
name: 'Test rule', | ||
query: "user.email: 'root@elastic.co'", | ||
references: [], | ||
severity: 'high', | ||
tags: ['APM'], | ||
to: 'now', | ||
type: 'query', | ||
threat: [], | ||
throttle: null, | ||
}; | ||
import { FetchRulesResponse, Rule } from './types'; | ||
|
||
export const savedRuleMock: Rule = { | ||
author: [], | ||
|
I think this was just a typo? Seems like all other typescript ones are uppercase.