Using msearch for tree api endpoint (#73813)

2025-06-27 18:51:07 -04:00 · 2020-08-04 12:54:20 -04:00 · 2020-08-04 12:54:20 -04:00 · 2dea17a8d0
commit 2dea17a8d0
parent 89dba39273
7 changed files with 30 additions and 38 deletions
--- a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree.ts
@ -9,7 +9,6 @@ import { TypeOf } from '@kbn/config-schema';
 import { eventsIndexPattern, alertsIndexPattern } from '../../../../common/endpoint/constants';
 import { validateTree } from '../../../../common/endpoint/schema/resolver';
 import { Fetcher } from './utils/fetch';
-import { Tree } from './utils/tree';
 import { EndpointAppContext } from '../../types';

 export function handleTree(
@ -17,42 +16,21 @@ export function handleTree(
  endpointAppContext: EndpointAppContext
 ): RequestHandler<TypeOf<typeof validateTree.params>, TypeOf<typeof validateTree.query>> {
  return async (context, req, res) => {
-    const {
-      params: { id },
-      query: {
-        children,
-        ancestors,
-        events,
-        alerts,
-        afterAlert,
-        afterEvent,
-        afterChild,
-        legacyEndpointID: endpointID,
-      },
-    } = req;
    try {
      const client = context.core.elasticsearch.legacy.client;

-      const fetcher = new Fetcher(client, id, eventsIndexPattern, alertsIndexPattern, endpointID);
+      const fetcher = new Fetcher(
+        client,
+        req.params.id,
+        eventsIndexPattern,
+        alertsIndexPattern,
+        req.query.legacyEndpointID
+      );

-      const [childrenNodes, ancestry, relatedEvents, relatedAlerts] = await Promise.all([
-        fetcher.children(children, afterChild),
-        fetcher.ancestors(ancestors),
-        fetcher.events(events, afterEvent),
-        fetcher.alerts(alerts, afterAlert),
-      ]);
-
-      const tree = new Tree(id, {
-        ancestry,
-        children: childrenNodes,
-        relatedEvents,
-        relatedAlerts,
-      });
-
-      const enrichedTree = await fetcher.stats(tree);
+      const tree = await fetcher.tree(req.query);

      return res.ok({
-        body: enrichedTree.render(),
+        body: tree.render(),
      });
    } catch (err) {
      log.warn(err);
--- a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/utils/children_lifecycle_query_handler.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/utils/children_lifecycle_query_handler.ts
@ -66,6 +66,6 @@ export class ChildrenLifecycleQueryHandler implements SingleQueryHandler<Resolve
    }

    this.handleResponse(await this.query.search(client, this.childrenHelper.getEntityIDs()));
-    return this.getResults() || createChildren();
+    return this.getResults() ?? createChildren();
  }
 }
--- a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/utils/fetch.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/utils/fetch.ts
@ -172,7 +172,7 @@ export class Fetcher {
    );

    // now that we have all the start events get the full lifecycle nodes
-    childrenLifecycleHandler.search(this.client);
+    await childrenLifecycleHandler.search(this.client);

    const tree = new Tree(this.id, {
      ancestry: ancestryHandler.getResults(),
--- a/x-pack/test/security_solution_endpoint_api_int/apis/index.ts
+++ b/x-pack/test/security_solution_endpoint_api_int/apis/index.ts
@ -26,9 +26,7 @@ export default function endpointAPIIntegrationTests(providerContext: FtrProvider
    before(async () => {
      await ingestManager.setup();
    });
-    loadTestFile(require.resolve('./resolver/entity_id'));
-    loadTestFile(require.resolve('./resolver/tree'));
-    loadTestFile(require.resolve('./resolver/children'));
+    loadTestFile(require.resolve('./resolver/index'));
    loadTestFile(require.resolve('./metadata'));
    loadTestFile(require.resolve('./policy'));
    loadTestFile(require.resolve('./artifacts'));
--- a/x-pack/test/security_solution_endpoint_api_int/apis/resolver/entity_id.ts
+++ b/x-pack/test/security_solution_endpoint_api_int/apis/resolver/entity_id.ts
@ -16,7 +16,7 @@ import {
 } from '../../../../plugins/security_solution/common/endpoint/generate_data';
 import { InsertedEvents } from '../../services/resolver';

-export default function resolverAPIIntegrationTests({ getService }: FtrProviderContext) {
+export default function ({ getService }: FtrProviderContext) {
  const supertest = getService('supertest');
  const resolver = getService('resolverGenerator');
  const generator = new EndpointDocGenerator('resolver');
--- a/x-pack/test/security_solution_endpoint_api_int/apis/resolver/index.ts
+++ b/x-pack/test/security_solution_endpoint_api_int/apis/resolver/index.ts
@ -0,0 +1,16 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+import { FtrProviderContext } from '../../ftr_provider_context';
+
+export default function (providerContext: FtrProviderContext) {
+  const { loadTestFile } = providerContext;
+
+  describe('Resolver tests', () => {
+    loadTestFile(require.resolve('./entity_id'));
+    loadTestFile(require.resolve('./children'));
+    loadTestFile(require.resolve('./tree'));
+  });
+}
--- a/x-pack/test/security_solution_endpoint_api_int/apis/resolver/tree.ts
+++ b/x-pack/test/security_solution_endpoint_api_int/apis/resolver/tree.ts
@ -230,7 +230,7 @@ const verifyLifecycleStats = (
  }
 };

-export default function resolverAPIIntegrationTests({ getService }: FtrProviderContext) {
+export default function ({ getService }: FtrProviderContext) {
  const supertest = getService('supertest');
  const esArchiver = getService('esArchiver');
  const resolver = getService('resolverGenerator');