[Entity Store] Do not require full entity definition to execute enrich policy (remove magic number) (#195961)

x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/elasticsearch_assets/enrich_policy.ts

@@ -10,11 +10,13 @@ import type { EnrichPutPolicyRequest } from '@elastic/elasticsearch/lib/api/type
 import { getEntitiesIndexName } from '../utils';
 import type { UnitedEntityDefinition } from '../united_entity_definitions';
 
+type DefinitionMetadata = Pick<UnitedEntityDefinition, 'namespace' | 'entityType' | 'version'>;
+
 export const getFieldRetentionEnrichPolicyName = ({
   namespace,
   entityType,
   version,
-}: Pick<UnitedEntityDefinition, 'namespace' | 'entityType' | 'version'>): string => {
+}: DefinitionMetadata): string => {
   return `entity_store_field_retention_${entityType}_${namespace}_v${version}`;
 };
 
@@ -48,7 +50,7 @@ export const executeFieldRetentionEnrichPolicy = async ({
   unitedDefinition,
   logger,
 }: {
-  unitedDefinition: UnitedEntityDefinition;
+  unitedDefinition: DefinitionMetadata;
   esClient: ElasticsearchClient;
   logger: Logger;
 }): Promise<{ executed: boolean }> => {
@@ -72,7 +74,7 @@ export const deleteFieldRetentionEnrichPolicy = async ({
   esClient,
 }: {
   esClient: ElasticsearchClient;
-  unitedDefinition: UnitedEntityDefinition;
+  unitedDefinition: DefinitionMetadata;
 }) => {
   const name = getFieldRetentionEnrichPolicyName(unitedDefinition);
   return esClient.enrich.deletePolicy({ name }, { ignore: [404] });

x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/task/field_retention_enrichment_task.ts

@@ -20,7 +20,10 @@ import {
 } from './state';
 import { INTERVAL, SCOPE, TIMEOUT, TYPE, VERSION } from './constants';
 import type { EntityAnalyticsRoutesDeps } from '../../types';
-import { getAvailableEntityTypes, getUnitedEntityDefinition } from '../united_entity_definitions';
+import {
+  getAvailableEntityTypes,
+  getUnitedEntityDefinitionVersion,
+} from '../united_entity_definitions';
 import { executeFieldRetentionEnrichPolicy } from '../elasticsearch_assets';
 
 const logFactory =
@@ -63,13 +66,10 @@ export const registerEntityStoreFieldRetentionEnrichTask = ({
     const [coreStart, _] = await getStartServices();
     const esClient = coreStart.elasticsearch.client.asInternalUser;
 
-    const unitedDefinition = getUnitedEntityDefinition({
-      namespace,
-      entityType,
-      fieldHistoryLength: 10, // we are not using this value so it can be anything
-    });
+    const unitedDefinitionVersion = getUnitedEntityDefinitionVersion(entityType);
+
     return executeFieldRetentionEnrichPolicy({
-      unitedDefinition,
+      unitedDefinition: { namespace, entityType, version: unitedDefinitionVersion },
       esClient,
       logger,
     });

x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/entity_types/host.ts

@@ -8,11 +8,12 @@
 import { collectValuesWithLength } from '../definition_utils';
 import type { UnitedDefinitionBuilder } from '../types';
 
+export const HOST_DEFINITION_VERSION = '1.0.0';
 export const getHostUnitedDefinition: UnitedDefinitionBuilder = (fieldHistoryLength: number) => {
   const collect = collectValuesWithLength(fieldHistoryLength);
   return {
     entityType: 'host',
-    version: '1.0.0',
+    version: HOST_DEFINITION_VERSION,
     fields: [
       collect({ field: 'host.domain' }),
       collect({ field: 'host.hostname' }),

x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/entity_types/index.ts

@@ -5,6 +5,6 @@
  * 2.0.
  */
 
-export { getHostUnitedDefinition } from './host';
-export { getUserUnitedDefinition } from './user';
+export * from './host';
+export * from './user';
 export { getCommonUnitedFieldDefinitions } from './common';

x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/entity_types/user.ts

@@ -7,11 +7,12 @@
 import { collectValuesWithLength } from '../definition_utils';
 import type { UnitedDefinitionBuilder } from '../types';
 
+export const USER_DEFINITION_VERSION = '1.0.0';
 export const getUserUnitedDefinition: UnitedDefinitionBuilder = (fieldHistoryLength: number) => {
   const collect = collectValuesWithLength(fieldHistoryLength);
   return {
     entityType: 'user',
-    version: '1.0.0',
+    version: USER_DEFINITION_VERSION,
     fields: [
       collect({ field: 'user.domain' }),
       collect({ field: 'user.email' }),

x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/united_entity_definitions/get_united_definition.ts

@@ -10,6 +10,8 @@ import {
   getHostUnitedDefinition,
   getUserUnitedDefinition,
   getCommonUnitedFieldDefinitions,
+  USER_DEFINITION_VERSION,
+  HOST_DEFINITION_VERSION,
 } from './entity_types';
 import type { UnitedDefinitionBuilder } from './types';
 import { UnitedEntityDefinition } from './united_entity_definition';
@@ -44,5 +46,8 @@ export const getUnitedEntityDefinition = memoize(
     `${entityType}-${namespace}-${fieldHistoryLength}`
 );
 
+export const getUnitedEntityDefinitionVersion = (entityType: EntityType): string =>
+  entityType === 'host' ? HOST_DEFINITION_VERSION : USER_DEFINITION_VERSION;
+
 export const getAvailableEntityTypes = (): EntityType[] =>
   Object.keys(unitedDefinitionBuilders) as EntityType[];