mirror of
https://github.com/elastic/kibana.git
synced 2025-04-24 17:59:23 -04:00
[Security Solution][Detection Engine] removes feature flag for custom highlighted fields edit in 8.16 (#188628)
## Summary Removes feature flag `bulkCustomHighlightedFieldsEnabled` for 8.16 --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
This commit is contained in:
Ievgen Sorokopud
GitHub
parent
6aaccd6f08
commit
39a55156f1
16 changed files with 10 additions and 141 deletions
|
|
@ -53,7 +53,6 @@ export const BulkActionsDryRunErrCode = z.enum([
|
|||
'MACHINE_LEARNING_AUTH',
|
||||
'MACHINE_LEARNING_INDEX_PATTERN',
|
||||
'ESQL_INDEX_PATTERN',
|
||||
'INVESTIGATION_FIELDS_FEATURE',
|
||||
'MANUAL_RULE_RUN_FEATURE',
|
||||
'MANUAL_RULE_RUN_DISABLED_RULE',
|
||||
]);
|
||||
|
|
|
|||
|
|
@ -78,7 +78,6 @@ components:
|
|||
- MACHINE_LEARNING_AUTH
|
||||
- MACHINE_LEARNING_INDEX_PATTERN
|
||||
- ESQL_INDEX_PATTERN
|
||||
- INVESTIGATION_FIELDS_FEATURE
|
||||
- MANUAL_RULE_RUN_FEATURE
|
||||
- MANUAL_RULE_RUN_DISABLED_RULE
|
||||
|
||||
|
|
|
|||
|
|
@ -429,7 +429,6 @@ export enum BulkActionsDryRunErrCode {
|
|||
MACHINE_LEARNING_AUTH = 'MACHINE_LEARNING_AUTH',
|
||||
MACHINE_LEARNING_INDEX_PATTERN = 'MACHINE_LEARNING_INDEX_PATTERN',
|
||||
ESQL_INDEX_PATTERN = 'ESQL_INDEX_PATTERN',
|
||||
INVESTIGATION_FIELDS_FEATURE = 'INVESTIGATION_FIELDS_FEATURE',
|
||||
MANUAL_RULE_RUN_FEATURE = 'MANUAL_RULE_RUN_FEATURE',
|
||||
MANUAL_RULE_RUN_DISABLED_RULE = 'MANUAL_RULE_RUN_DISABLED_RULE',
|
||||
}
|
||||
|
|
|
|||
|
|
@ -244,11 +244,6 @@ export const allowedExperimentalValues = Object.freeze({
|
|||
*/
|
||||
valueListItemsModalEnabled: true,
|
||||
|
||||
/**
|
||||
* Enables the new rule's bulk action to manage custom highlighted fields
|
||||
*/
|
||||
bulkCustomHighlightedFieldsEnabled: false,
|
||||
|
||||
/**
|
||||
* Enables the manual rule run
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -1701,7 +1701,6 @@ components:
|
|||
- MACHINE_LEARNING_AUTH
|
||||
- MACHINE_LEARNING_INDEX_PATTERN
|
||||
- ESQL_INDEX_PATTERN
|
||||
- INVESTIGATION_FIELDS_FEATURE
|
||||
- MANUAL_RULE_RUN_FEATURE
|
||||
- MANUAL_RULE_RUN_DISABLED_RULE
|
||||
type: string
|
||||
|
|
|
|||
|
|
@ -998,7 +998,6 @@ components:
|
|||
- MACHINE_LEARNING_AUTH
|
||||
- MACHINE_LEARNING_INDEX_PATTERN
|
||||
- ESQL_INDEX_PATTERN
|
||||
- INVESTIGATION_FIELDS_FEATURE
|
||||
- MANUAL_RULE_RUN_FEATURE
|
||||
- MANUAL_RULE_RUN_DISABLED_RULE
|
||||
type: string
|
||||
|
|
|
|||
|
|
@ -14,7 +14,6 @@ import { euiThemeVars } from '@kbn/ui-theme';
|
|||
import React, { useCallback } from 'react';
|
||||
import { MAX_MANUAL_RULE_RUN_BULK_SIZE } from '../../../../../../common/constants';
|
||||
import type { TimeRange } from '../../../../rule_gaps/types';
|
||||
import { useIsExperimentalFeatureEnabled } from '../../../../../common/hooks/use_experimental_features';
|
||||
import { useKibana } from '../../../../../common/lib/kibana';
|
||||
import { convertRulesFilterToKQL } from '../../../../../../common/detection_engine/rule_management/rule_filtering';
|
||||
import { DuplicateOptions } from '../../../../../../common/detection_engine/rule_management/constants';
|
||||
|
|
@ -89,10 +88,6 @@ export const useBulkActions = ({
|
|||
actions: { clearRulesSelection, setIsPreflightInProgress },
|
||||
} = rulesTableContext;
|
||||
|
||||
const isBulkCustomHighlightedFieldsEnabled = useIsExperimentalFeatureEnabled(
|
||||
'bulkCustomHighlightedFieldsEnabled'
|
||||
);
|
||||
|
||||
const getBulkItemsPopoverContent = useCallback(
|
||||
(closePopover: () => void): EuiContextMenuPanelDescriptor[] => {
|
||||
const selectedRules = rules.filter(({ id }) => selectedRuleIds.includes(id));
|
||||
|
|
@ -400,17 +395,13 @@ export const useBulkActions = ({
|
|||
disabled: isEditDisabled,
|
||||
panel: 1,
|
||||
},
|
||||
...(isBulkCustomHighlightedFieldsEnabled
|
||||
? [
|
||||
{
|
||||
key: i18n.BULK_ACTION_INVESTIGATION_FIELDS,
|
||||
name: i18n.BULK_ACTION_INVESTIGATION_FIELDS,
|
||||
'data-test-subj': 'investigationFieldsBulkEditRule',
|
||||
disabled: isEditDisabled,
|
||||
panel: 3,
|
||||
},
|
||||
]
|
||||
: []),
|
||||
{
|
||||
key: i18n.BULK_ACTION_INVESTIGATION_FIELDS,
|
||||
name: i18n.BULK_ACTION_INVESTIGATION_FIELDS,
|
||||
'data-test-subj': 'investigationFieldsBulkEditRule',
|
||||
disabled: isEditDisabled,
|
||||
panel: 3,
|
||||
},
|
||||
{
|
||||
key: i18n.BULK_ACTION_ADD_RULE_ACTIONS,
|
||||
name: i18n.BULK_ACTION_ADD_RULE_ACTIONS,
|
||||
|
|
@ -584,7 +575,6 @@ export const useBulkActions = ({
|
|||
selectedRuleIds,
|
||||
hasActionsPrivileges,
|
||||
isAllSelected,
|
||||
isBulkCustomHighlightedFieldsEnabled,
|
||||
loadingRuleIds,
|
||||
startTransaction,
|
||||
hasMlPermissions,
|
||||
|
|
|
|||
|
|
@ -10,9 +10,7 @@ import { BulkActionEditTypeEnum } from '../../../../../../common/api/detection_e
|
|||
import type { RuleAlertType } from '../../../rule_schema';
|
||||
import type { ExperimentalFeatures } from '../../../../../../common';
|
||||
|
||||
const mockExperimentalFeatures = {
|
||||
bulkCustomHighlightedFieldsEnabled: true,
|
||||
} as ExperimentalFeatures;
|
||||
const mockExperimentalFeatures = {} as ExperimentalFeatures;
|
||||
|
||||
describe('addItemsToArray', () => {
|
||||
test('should add single item to array', () => {
|
||||
|
|
@ -731,68 +729,6 @@ describe('ruleParamsModifier', () => {
|
|||
}
|
||||
);
|
||||
});
|
||||
|
||||
describe('feature flag disabled state', () => {
|
||||
test('should throw error on adding investigation fields if feature is disabled', () => {
|
||||
expect(() =>
|
||||
ruleParamsModifier(
|
||||
{
|
||||
...ruleParamsMock,
|
||||
investigationFields: ['field-1', 'field-2', 'field-3'],
|
||||
} as RuleAlertType['params'],
|
||||
[
|
||||
{
|
||||
type: BulkActionEditTypeEnum.add_investigation_fields,
|
||||
value: { field_names: ['field-4'] },
|
||||
},
|
||||
],
|
||||
{
|
||||
bulkCustomHighlightedFieldsEnabled: false,
|
||||
} as ExperimentalFeatures
|
||||
)
|
||||
).toThrow("Custom highlighted fields can't be added. Feature is disabled.");
|
||||
});
|
||||
|
||||
test('should throw error on overwriting investigation fields if feature is disabled', () => {
|
||||
expect(() =>
|
||||
ruleParamsModifier(
|
||||
{
|
||||
...ruleParamsMock,
|
||||
investigationFields: ['field-1', 'field-2', 'field-3'],
|
||||
} as RuleAlertType['params'],
|
||||
[
|
||||
{
|
||||
type: BulkActionEditTypeEnum.set_investigation_fields,
|
||||
value: { field_names: ['field-4'] },
|
||||
},
|
||||
],
|
||||
{
|
||||
bulkCustomHighlightedFieldsEnabled: false,
|
||||
} as ExperimentalFeatures
|
||||
)
|
||||
).toThrow("Custom highlighted fields can't be overwritten. Feature is disabled.");
|
||||
});
|
||||
|
||||
test('should throw error on deleting investigation fields if feature is disabled', () => {
|
||||
expect(() =>
|
||||
ruleParamsModifier(
|
||||
{
|
||||
...ruleParamsMock,
|
||||
investigationFields: ['field-1', 'field-2', 'field-3'],
|
||||
} as RuleAlertType['params'],
|
||||
[
|
||||
{
|
||||
type: BulkActionEditTypeEnum.delete_investigation_fields,
|
||||
value: { field_names: ['field-1'] },
|
||||
},
|
||||
],
|
||||
{
|
||||
bulkCustomHighlightedFieldsEnabled: false,
|
||||
} as ExperimentalFeatures
|
||||
)
|
||||
).toThrow("Custom highlighted fields can't be deleted. Feature is disabled.");
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
describe('timeline', () => {
|
||||
|
|
|
|||
|
|
@ -198,11 +198,6 @@ const applyBulkActionEditToRuleParams = (
|
|||
}
|
||||
// investigation_fields actions
|
||||
case BulkActionEditTypeEnum.add_investigation_fields: {
|
||||
invariant(
|
||||
experimentalFeatures.bulkCustomHighlightedFieldsEnabled,
|
||||
"Custom highlighted fields can't be added. Feature is disabled."
|
||||
);
|
||||
|
||||
if (shouldSkipInvestigationFieldsBulkAction(ruleParams.investigationFields, action)) {
|
||||
isActionSkipped = true;
|
||||
break;
|
||||
|
|
@ -219,11 +214,6 @@ const applyBulkActionEditToRuleParams = (
|
|||
break;
|
||||
}
|
||||
case BulkActionEditTypeEnum.delete_investigation_fields: {
|
||||
invariant(
|
||||
experimentalFeatures.bulkCustomHighlightedFieldsEnabled,
|
||||
"Custom highlighted fields can't be deleted. Feature is disabled."
|
||||
);
|
||||
|
||||
if (shouldSkipInvestigationFieldsBulkAction(ruleParams.investigationFields, action)) {
|
||||
isActionSkipped = true;
|
||||
break;
|
||||
|
|
@ -246,11 +236,6 @@ const applyBulkActionEditToRuleParams = (
|
|||
break;
|
||||
}
|
||||
case BulkActionEditTypeEnum.set_investigation_fields: {
|
||||
invariant(
|
||||
experimentalFeatures.bulkCustomHighlightedFieldsEnabled,
|
||||
"Custom highlighted fields can't be overwritten. Feature is disabled."
|
||||
);
|
||||
|
||||
if (shouldSkipInvestigationFieldsBulkAction(ruleParams.investigationFields, action)) {
|
||||
isActionSkipped = true;
|
||||
break;
|
||||
|
|
|
|||
|
|
@ -21,18 +21,3 @@ export const isIndexPatternsBulkEditAction = (editAction: BulkActionEditType) =>
|
|||
];
|
||||
return indexPatternsActions.includes(editAction);
|
||||
};
|
||||
|
||||
/**
|
||||
* helper utility that defines whether bulk edit action is related to investigation fields, i.e. one of:
|
||||
* 'add_investigation_fields', 'delete_investigation_fields', 'set_investigation_fields'
|
||||
* @param editAction {@link BulkActionEditType}
|
||||
* @returns {boolean}
|
||||
*/
|
||||
export const isInvestigationFieldsBulkEditAction = (editAction: BulkActionEditType) => {
|
||||
const investigationFieldsActions: BulkActionEditType[] = [
|
||||
BulkActionEditTypeEnum.add_investigation_fields,
|
||||
BulkActionEditTypeEnum.delete_investigation_fields,
|
||||
BulkActionEditTypeEnum.set_investigation_fields,
|
||||
];
|
||||
return investigationFieldsActions.includes(editAction);
|
||||
};
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ import type {
|
|||
} from '../../../../../../common/api/detection_engine/rule_management';
|
||||
import { BulkActionEditTypeEnum } from '../../../../../../common/api/detection_engine/rule_management';
|
||||
import type { RuleAlertType } from '../../../rule_schema';
|
||||
import { isIndexPatternsBulkEditAction, isInvestigationFieldsBulkEditAction } from './utils';
|
||||
import { isIndexPatternsBulkEditAction } from './utils';
|
||||
import { throwDryRunError } from './dry_run';
|
||||
import type { MlAuthz } from '../../../../machine_learning/authz';
|
||||
import { throwAuthzError } from '../../../../machine_learning/validation';
|
||||
|
|
@ -140,7 +140,6 @@ export const dryRunValidateBulkEditRule = async ({
|
|||
rule,
|
||||
edit,
|
||||
mlAuthz,
|
||||
experimentalFeatures,
|
||||
}: DryRunBulkEditBulkActionsValidationArgs) => {
|
||||
await validateBulkEditRule({
|
||||
ruleType: rule.params.type,
|
||||
|
|
@ -170,15 +169,4 @@ export const dryRunValidateBulkEditRule = async ({
|
|||
),
|
||||
BulkActionsDryRunErrCode.ESQL_INDEX_PATTERN
|
||||
);
|
||||
|
||||
// check whether "custom highlighted fields" feature is enabled
|
||||
await throwDryRunError(
|
||||
() =>
|
||||
invariant(
|
||||
experimentalFeatures.bulkCustomHighlightedFieldsEnabled ||
|
||||
!edit.some((action) => isInvestigationFieldsBulkEditAction(action.type)),
|
||||
'Bulk custom highlighted fields action feature is disabled.'
|
||||
),
|
||||
BulkActionsDryRunErrCode.INVESTIGATION_FIELDS_FEATURE
|
||||
);
|
||||
};
|
||||
|
|
|
|||
|
|
@ -84,7 +84,6 @@ export function createTestConfig(options: CreateTestConfigOptions, testFiles?: s
|
|||
'alertSuppressionForEsqlRuleEnabled',
|
||||
'riskScoringPersistence',
|
||||
'riskScoringRoutesEnabled',
|
||||
'bulkCustomHighlightedFieldsEnabled',
|
||||
'alertSuppressionForMachineLearningRuleEnabled',
|
||||
'manualRuleRunEnabled',
|
||||
])}`,
|
||||
|
|
|
|||
|
|
@ -18,7 +18,6 @@ export default createTestConfig({
|
|||
'/testing_regex*/',
|
||||
])}`, // See tests within the file "ignore_fields.ts" which use these values in "alertIgnoreFields"
|
||||
`--xpack.securitySolution.enableExperimental=${JSON.stringify([
|
||||
'bulkCustomHighlightedFieldsEnabled',
|
||||
'alertSuppressionForMachineLearningRuleEnabled',
|
||||
'alertSuppressionForEsqlRuleEnabled',
|
||||
'manualRuleRunEnabled',
|
||||
|
|
|
|||
|
|
@ -46,7 +46,6 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) {
|
|||
'--xpack.ruleRegistry.unsafe.legacyMultiTenancy.enabled=true',
|
||||
`--xpack.securitySolution.enableExperimental=${JSON.stringify([
|
||||
'alertSuppressionForEsqlRuleEnabled',
|
||||
'bulkCustomHighlightedFieldsEnabled',
|
||||
'alertSuppressionForMachineLearningRuleEnabled',
|
||||
'manualRuleRunEnabled',
|
||||
])}`,
|
||||
|
|
|
|||
|
|
@ -578,8 +578,7 @@ describe('Detection rules, bulk edit', { tags: ['@ess', '@serverless'] }, () =>
|
|||
});
|
||||
});
|
||||
|
||||
// https://github.com/elastic/kibana/issues/182834
|
||||
describe('Investigation fields actions', { tags: ['@skipInServerlessMKI'] }, () => {
|
||||
describe('Investigation fields actions', () => {
|
||||
it('Add investigation fields to custom rules', () => {
|
||||
getRulesManagementTableRows().then((rows) => {
|
||||
const fieldsToBeAdded = ['source.ip', 'destination.ip'];
|
||||
|
|
|
|||
|
|
@ -36,7 +36,6 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) {
|
|||
])}`,
|
||||
`--xpack.securitySolution.enableExperimental=${JSON.stringify([
|
||||
'alertSuppressionForEsqlRuleEnabled',
|
||||
'bulkCustomHighlightedFieldsEnabled',
|
||||
'alertSuppressionForMachineLearningRuleEnabled',
|
||||
'manualRuleRunEnabled',
|
||||
])}`,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue