github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-24 09:48:58 -04:00
Code Issues Projects Releases Packages Wiki Activity

[Security Solution][Detections] fixes rules bulk delete when rule has data view id (#137585)

Browse source 
## Summary

- fixes https://github.com/elastic/kibana/issues/136006
- in this PR, bulk delete index will only be applied to rule, if index pattern exists
- small code cleanup around dataViewId and index patterns actions
- adds unit/functional tests

### Checklist

Delete any items that are not applicable to this PR.

- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
This commit is contained in:
Vitalii Dmyterko 2022-08-09 12:55:51 +01:00 committed by GitHub
parent ce090a508a
commit b93d4fb04b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 88 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

45
x-pack/plugins/security_solution/server/lib/detection_engine/rules/bulk_actions/rule_params_modifier.test.ts
View file

@ -73,7 +73,22 @@ describe('ruleParamsModifier', () => {
expect(editedRuleParams).toHaveProperty('index', ['initial-index-*']);
});
test('should rewrite index pattern in rule', () => {
test('should return undefined index patterns on remove action if rule has dataViewId only', () => {
const testDataViewId = 'test-data-view-id';
const editedRuleParams = ruleParamsModifier(
{ dataViewId: testDataViewId } as RuleAlertType['params'],
[
{
type: BulkActionEditType.delete_index_patterns,
value: ['index-2-*'],
},
]
);
expect(editedRuleParams).toHaveProperty('index', undefined);
expect(editedRuleParams).toHaveProperty('dataViewId', testDataViewId);
});
test('should rewrite index pattern in rule', () => {
const editedRuleParams = ruleParamsModifier(ruleParamsMock, [
{
type: BulkActionEditType.set_index_patterns,
@ -83,6 +98,34 @@ describe('ruleParamsModifier', () => {
expect(editedRuleParams).toHaveProperty('index', ['index']);
});
test('should set dataViewId to undefined if overwriteDataViews=true on set_index_patterns action', () => {
const editedRuleParams = ruleParamsModifier(
{ dataViewId: 'test-data-view', index: ['test-*'] } as RuleAlertType['params'],
[
{
type: BulkActionEditType.set_index_patterns,
value: ['index'],
overwriteDataViews: true,
},
]
);
expect(editedRuleParams).toHaveProperty('dataViewId', undefined);
});
test('should set dataViewId to undefined if overwriteDataViews=true on add_index_patterns action', () => {
const editedRuleParams = ruleParamsModifier(
{ dataViewId: 'test-data-view', index: ['test-*'] } as RuleAlertType['params'],
[
{
type: BulkActionEditType.add_index_patterns,
value: ['index'],
overwriteDataViews: true,
},
]
);
expect(editedRuleParams).toHaveProperty('dataViewId', undefined);
});
test('should throw error on adding index pattern if rule is of machine learning type', () => {
expect(() =>
ruleParamsModifier({ type: 'machine_learning' } as RuleAlertType['params'], [

11
x-pack/plugins/security_solution/server/lib/detection_engine/rules/bulk_actions/rule_params_modifier.ts
View file

@ -11,7 +11,6 @@ import type { BulkActionEditForRuleParams } from '../../../../../common/detectio
import { BulkActionEditType } from '../../../../../common/detection_engine/schemas/common/schemas';
import { invariant } from '../../../../../common/utils/invariant';
import { isMachineLearningParams } from '../../signals/utils';
export const addItemsToArray = <T>(arr: T[], items: T[]): T[] =>
Array.from(new Set([...arr, ...items]));
@ -36,7 +35,7 @@ const applyBulkActionEditToRuleParams = (
"Index patterns can't be added. Machine learning rule doesn't have index patterns property"
);
if (!isMachineLearningParams(ruleParams) && action.overwriteDataViews) {
if (action.overwriteDataViews) {
ruleParams.dataViewId = undefined;
}
@ -49,7 +48,9 @@ const applyBulkActionEditToRuleParams = (
"Index patterns can't be deleted. Machine learning rule doesn't have index patterns property"
);
ruleParams.index = deleteItemsFromArray(ruleParams.index ?? [], action.value);
if (ruleParams.index) {
ruleParams.index = deleteItemsFromArray(ruleParams.index, action.value);
}
break;
case BulkActionEditType.set_index_patterns:
@ -58,6 +59,10 @@ const applyBulkActionEditToRuleParams = (
"Index patterns can't be overwritten. Machine learning rule doesn't have index patterns property"
);
if (action.overwriteDataViews) {
ruleParams.dataViewId = undefined;
}
ruleParams.index = action.value;
break;

36
x-pack/test/detection_engine_api_integration/security_and_spaces/group1/perform_bulk_action.ts
View file

@ -598,6 +598,42 @@ export default ({ getService }: FtrProviderContext): void => {
expect(setIndexRule.index).to.eql(['initial-index-*']);
});
it('should not delete data view in a rule when delete index pattern action applied', async () => {
const ruleId = 'ruleId';
const dataViewId = 'index1-*';
const simpleRule = {
...getSimpleRule(ruleId),
index: undefined,
data_view_id: dataViewId,
};
await createRule(supertest, log, simpleRule);
const { body: bulkActionResponse } = await postBulkAction()
.send({
query: '',
action: BulkAction.edit,
[BulkAction.edit]: [
{
type: BulkActionEditType.delete_index_patterns,
value: ['initial-index-*'],
},
],
})
.expect(200);
expect(bulkActionResponse.attributes.summary).to.eql({ failed: 0, succeeded: 1, total: 1 });
// Check that the updated rule is returned with the response
expect(bulkActionResponse.attributes.results.updated[0].data_view_id).to.be(dataViewId);
expect(bulkActionResponse.attributes.results.updated[0].index).to.be(undefined);
// Check that the updates have been persisted
const { body: updatedRule } = await fetchRule(ruleId).expect(200);
expect(updatedRule.data_view_id).to.be(dataViewId);
expect(updatedRule.index).to.be(undefined);
});
it('should set timeline values in rule', async () => {
const ruleId = 'ruleId';
const timelineId = '91832785-286d-4ebe-b884-1a208d111a70';