-
Notifications
You must be signed in to change notification settings - Fork 8.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security Solution] JSON diff view for prebuilt rule upgrade flow #172535
[Security Solution] JSON diff view for prebuilt rule upgrade flow #172535
Conversation
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
Pinging @elastic/security-solution (Team: SecuritySolution) |
const getRuleTabs = useCallback( | ||
(rule: RuleResponse, defaultTabs: EuiTabbedContentTab[]): EuiTabbedContentTab[] => { | ||
const activeRule = filteredRules.find(({ id }) => id === rule.id); | ||
|
||
if (!activeRule) { | ||
return defaultTabs; | ||
} | ||
|
||
const diffTab = { | ||
id: 'updates', | ||
name: ruleDetailsI18n.UPDATES_TAB_LABEL, | ||
content: ( | ||
<TabContentPadding> | ||
<RuleDiffTab oldRule={activeRule.current_rule} newRule={activeRule.target_rule} /> | ||
</TabContentPadding> | ||
), | ||
}; | ||
|
||
return [diffTab, ...defaultTabs]; | ||
}, | ||
[filteredRules] | ||
); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I feel the logic for this function is somewhat complicated, since we pass this function to RuleDetailsFlyout
and expect the defaultTabs
to be created and passed there, with no clear understanding here of what they are.
I think we can simplify and make this logic less tightly coupled by making getRuleTabs
only return the diffTab
if there's an active rule, or nothing if not:
const getRuleTabs = useCallback(
(rule: RuleResponse,): EuiTabbedContentTab[] => {
const activeRule = filteredRules.find(({ id }) => id === rule.id);
if (!activeRule || !isJsonPrebuiltRulesDiffingEnabled) {
return;
}
const diffTab = {
id: 'updates',
name: ruleDetailsI18n.UPDATES_TAB_LABEL,
content: (
<TabContentPadding>
<RuleDiffTab oldRule={activeRule.current_rule} newRule={activeRule.target_rule} />
</TabContentPadding>
),
};
return diffTab;
},
[filteredRules]
);
And then within RuleDetailsFlyout
, tabs
can have a clearer logic:
const tabs = useMemo(() => {
let tabs = [overviewTab];
if (rule.note) {
tabs.push(investigationGuideTab);
}
const diffTab = getRuleTabs(rule);
if (diffTab) {
tabs = [diffTab, ...tabs];
}
return tabs;
}, [overviewTab, investigationGuideTab, rule, getRuleTabs]);
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
And in that case, I would actually rename getRuleTabs
to something like getRuleDiffTab
. It has a single responsibility now that is checking and getting the diff tab, completely independently from the other tabs.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One additional nit: To create the tab here you had to export TabContentPadding
from rule_details_flyout.tsx
into this parent component, which look anti-pattern-ny to me.
I think here you could just return:
const diffTab = {
id: 'updates',
name: ruleDetailsI18n.UPDATES_TAB_LABEL,
content: <RuleDiffTab oldRule={activeRule.current_rule} newRule={activeRule.target_rule} />
};
And then within RuleDetailsFlyout, wrap the component there so you don't have to export it.
const tabs = useMemo(() => {
let tabs = [overviewTab];
if (rule.note) {
tabs.push(investigationGuideTab);
}
const diffTab = getRuleTabs(rule);
if (diffTab) {
const paddedDiffTab = (
<TabContentPadding>
{diffTab}
</TabContentPadding>
)
tabs = [paddedDiffTab, ...tabs];
}
return tabs;
}, [overviewTab, investigationGuideTab, rule, getRuleTabs]);
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
++ we have a similar logic structure in the alerts table with default columns and it makes it very difficult to understand out of context and build upon.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@dplumlee Just had a conversation with @jpdjere about this. We ended up deciding to refactor this part in a way that's easier to understand but still keeping RuleDetailsFlyout
agnostic of which extra tabs it contains. Ideally we'd want to keep RuleDetailsFlyout
unaware of the diffs if we want to reuse it on the MITRE page. I pushed the changes. Does this look fine to you?
...tion/public/detection_engine/rule_management/components/rule_details/json_diff/diff_view.tsx
Outdated
Show resolved
Hide resolved
b5fd548
to
fd75065
Compare
packages/kbn-failed-test-reporter-cli/failed_tests_reporter/add_messages_to_report.test.ts
Show resolved
Hide resolved
...tion/public/detection_engine/rule_management/components/rule_details/json_diff/diff_view.tsx
Outdated
Show resolved
Hide resolved
...tion/public/detection_engine/rule_management/components/rule_details/json_diff/diff_view.tsx
Outdated
Show resolved
Hide resolved
One issue I'm seeing is that, when I patch/update a rule to test the diff, the When the rule is updated, the I'm trying to see if this is something we should fix in the Same with the |
So the issue is actually in the In the file const targetRule: RuleResponse = {
...convertPrebuiltRuleAssetToRuleResponse(targetVersion),
id: installedCurrentVersion.id,
}; and should be: const targetRule: RuleResponse = {
...convertPrebuiltRuleAssetToRuleResponse(targetVersion),
id: installedCurrentVersion.id,
revision: installedCurrentVersion.revision + 1,
}; since With this fix, the diff will show an update of My opinion is that we should hide it from the user (although not necessarily in this PR due to time constraints, but as a follow-up). Maybe @banderror has an opinion? |
Actually, we need a slightly larger fix in:
const targetRule: RuleResponse = {
...convertPrebuiltRuleAssetToRuleResponse(targetVersion),
id: installedCurrentVersion.id,
revision: installedCurrentVersion.revision + 1,
created_at: installedCurrentVersion.created_at,
updated_at: new Date().toISOString(),
updated_by: installedCurrentVersion.updated_by,
created_by: installedCurrentVersion.created_by,
}; because:
|
da2b4ec
to
04750b5
Compare
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]Module Count
Async chunks
Page load bundle
Unknown metric groupsESLint disabled line counts
Total ESLint disabled count
History
To update your PR or re-run it, just comment with: cc @nikitaindik |
…astic#172535) ## Summary **Resolves: elastic#169160 **Resolves: elastic#166164 **Docs issue: elastic/security-docs#4371 This PR adds a new "Updates" tab to the prebuilt rules upgrade flyout. This tab shows a diff between the installed and updated rule JSON representations. <img width="1313" alt="Schermafbeelding 2023-12-05 om 02 48 37" src="https://github.com/elastic/kibana/assets/15949146/ec0f95c6-22c6-4ce6-a6cc-0ceee974c6f7"> ### Checklist Delete any items that are not applicable to this PR. - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [x] Functional changes are communicated to the Docs team. A ticket or PR is opened in https://github.com/elastic/security-docs. The following information is included: any feature flags used, affected environments (Serverless, ESS, or both). ([Docs issue](elastic/security-docs#4371)) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials ([Docs issue](elastic/security-docs#4371)) - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios (will be added in a follow-up PR) - [ ] Functional changes are covered with a test plan and automated tests (will be added in a follow-up PR) - [x] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/)) - [x] Any UI touched in this PR does not create any new axe failures (run axe in browser: [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/), [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US)) - [x] This renders correctly on smaller devices using a responsive layout. (Doesn't look great on phone screen, because viewing diff requires a lot of horizontal space. Tablets are fine though.) - [x] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers) - [x] Functional changes are hidden behind a feature flag. If not hidden, the PR explains why these changes are being implemented in a long-living feature branch. - [x] Comprehensive manual testing is done by two engineers: the PR author and one of the PR reviewers. Changes are tested in both ESS and Serverless. --------- Co-authored-by: kibanamachine <[email protected]> Co-authored-by: Georgii Gorbachev <[email protected]> (cherry picked from commit e5a6b97)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
…low (#172535) (#172957) # Backport This will backport the following commits from `main` to `8.12`: - [[Security Solution] JSON diff view for prebuilt rule upgrade flow (#172535)](#172535) <!--- Backport version: 8.9.7 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Nikita Indik","email":"[email protected]"},"sourceCommit":{"committedDate":"2023-12-08T15:16:42Z","message":"[Security Solution] JSON diff view for prebuilt rule upgrade flow (#172535)\n\n## Summary\r\n\r\n**Resolves: https://github.com/elastic/kibana/issues/169160**\r\n**Resolves: https://github.com/elastic/kibana/issues/166164**\r\n**Docs issue: https://github.com/elastic/security-docs/issues/4371**\r\n\r\nThis PR adds a new \"Updates\" tab to the prebuilt rules upgrade flyout.\r\nThis tab shows a diff between the installed and updated rule JSON\r\nrepresentations.\r\n\r\n<img width=\"1313\" alt=\"Schermafbeelding 2023-12-05 om 02 48 37\"\r\nsrc=\"https://github.com/elastic/kibana/assets/15949146/ec0f95c6-22c6-4ce6-a6cc-0ceee974c6f7\">\r\n\r\n\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [x] Any text added follows [EUI's writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\r\nsentence case text and includes [i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n- [x] Functional changes are communicated to the Docs team. A ticket or\r\nPR is opened in https://github.com/elastic/security-docs. The following\r\ninformation is included: any feature flags used, affected environments\r\n(Serverless, ESS, or both). ([Docs\r\nissue](https://github.com/elastic/security-docs/issues/4371))\r\n- [ ]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas added for features that require explanation or tutorials ([Docs\r\nissue](https://github.com/elastic/security-docs/issues/4371))\r\n- [ ] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios (will be added\r\nin a follow-up PR)\r\n- [ ] Functional changes are covered with a test plan and automated\r\ntests (will be added in a follow-up PR)\r\n- [x] Any UI touched in this PR is usable by keyboard only (learn more\r\nabout [keyboard accessibility](https://webaim.org/techniques/keyboard/))\r\n- [x] Any UI touched in this PR does not create any new axe failures\r\n(run axe in browser:\r\n[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),\r\n[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))\r\n- [x] This renders correctly on smaller devices using a responsive\r\nlayout. (Doesn't look great on phone screen, because viewing diff\r\nrequires a lot of horizontal space. Tablets are fine though.)\r\n- [x] This was checked for [cross-browser\r\ncompatibility](https://www.elastic.co/support/matrix#matrix_browsers)\r\n- [x] Functional changes are hidden behind a feature flag. If not\r\nhidden, the PR explains why these changes are being implemented in a\r\nlong-living feature branch.\r\n- [x] Comprehensive manual testing is done by two engineers: the PR\r\nauthor and one of the PR reviewers. Changes are tested in both ESS and\r\nServerless.\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine <[email protected]>\r\nCo-authored-by: Georgii Gorbachev <[email protected]>","sha":"e5a6b978b8eca4ac275b72e88415e2238315a241","branchLabelMapping":{"^v8.13.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Team:Detections and Resp","Team: SecuritySolution","release_note:feature","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","v8.12.0","v8.13.0"],"number":172535,"url":"https://github.com/elastic/kibana/pull/172535","mergeCommit":{"message":"[Security Solution] JSON diff view for prebuilt rule upgrade flow (#172535)\n\n## Summary\r\n\r\n**Resolves: https://github.com/elastic/kibana/issues/169160**\r\n**Resolves: https://github.com/elastic/kibana/issues/166164**\r\n**Docs issue: https://github.com/elastic/security-docs/issues/4371**\r\n\r\nThis PR adds a new \"Updates\" tab to the prebuilt rules upgrade flyout.\r\nThis tab shows a diff between the installed and updated rule JSON\r\nrepresentations.\r\n\r\n<img width=\"1313\" alt=\"Schermafbeelding 2023-12-05 om 02 48 37\"\r\nsrc=\"https://github.com/elastic/kibana/assets/15949146/ec0f95c6-22c6-4ce6-a6cc-0ceee974c6f7\">\r\n\r\n\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [x] Any text added follows [EUI's writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\r\nsentence case text and includes [i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n- [x] Functional changes are communicated to the Docs team. A ticket or\r\nPR is opened in https://github.com/elastic/security-docs. The following\r\ninformation is included: any feature flags used, affected environments\r\n(Serverless, ESS, or both). ([Docs\r\nissue](https://github.com/elastic/security-docs/issues/4371))\r\n- [ ]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas added for features that require explanation or tutorials ([Docs\r\nissue](https://github.com/elastic/security-docs/issues/4371))\r\n- [ ] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios (will be added\r\nin a follow-up PR)\r\n- [ ] Functional changes are covered with a test plan and automated\r\ntests (will be added in a follow-up PR)\r\n- [x] Any UI touched in this PR is usable by keyboard only (learn more\r\nabout [keyboard accessibility](https://webaim.org/techniques/keyboard/))\r\n- [x] Any UI touched in this PR does not create any new axe failures\r\n(run axe in browser:\r\n[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),\r\n[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))\r\n- [x] This renders correctly on smaller devices using a responsive\r\nlayout. (Doesn't look great on phone screen, because viewing diff\r\nrequires a lot of horizontal space. Tablets are fine though.)\r\n- [x] This was checked for [cross-browser\r\ncompatibility](https://www.elastic.co/support/matrix#matrix_browsers)\r\n- [x] Functional changes are hidden behind a feature flag. If not\r\nhidden, the PR explains why these changes are being implemented in a\r\nlong-living feature branch.\r\n- [x] Comprehensive manual testing is done by two engineers: the PR\r\nauthor and one of the PR reviewers. Changes are tested in both ESS and\r\nServerless.\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine <[email protected]>\r\nCo-authored-by: Georgii Gorbachev <[email protected]>","sha":"e5a6b978b8eca4ac275b72e88415e2238315a241"}},"sourceBranch":"main","suggestedTargetBranches":["8.12"],"targetPullRequestStates":[{"branch":"8.12","label":"v8.12.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.13.0","labelRegex":"^v8.13.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/172535","number":172535,"mergeCommit":{"message":"[Security Solution] JSON diff view for prebuilt rule upgrade flow (#172535)\n\n## Summary\r\n\r\n**Resolves: https://github.com/elastic/kibana/issues/169160**\r\n**Resolves: https://github.com/elastic/kibana/issues/166164**\r\n**Docs issue: https://github.com/elastic/security-docs/issues/4371**\r\n\r\nThis PR adds a new \"Updates\" tab to the prebuilt rules upgrade flyout.\r\nThis tab shows a diff between the installed and updated rule JSON\r\nrepresentations.\r\n\r\n<img width=\"1313\" alt=\"Schermafbeelding 2023-12-05 om 02 48 37\"\r\nsrc=\"https://github.com/elastic/kibana/assets/15949146/ec0f95c6-22c6-4ce6-a6cc-0ceee974c6f7\">\r\n\r\n\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [x] Any text added follows [EUI's writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\r\nsentence case text and includes [i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n- [x] Functional changes are communicated to the Docs team. A ticket or\r\nPR is opened in https://github.com/elastic/security-docs. The following\r\ninformation is included: any feature flags used, affected environments\r\n(Serverless, ESS, or both). ([Docs\r\nissue](https://github.com/elastic/security-docs/issues/4371))\r\n- [ ]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas added for features that require explanation or tutorials ([Docs\r\nissue](https://github.com/elastic/security-docs/issues/4371))\r\n- [ ] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios (will be added\r\nin a follow-up PR)\r\n- [ ] Functional changes are covered with a test plan and automated\r\ntests (will be added in a follow-up PR)\r\n- [x] Any UI touched in this PR is usable by keyboard only (learn more\r\nabout [keyboard accessibility](https://webaim.org/techniques/keyboard/))\r\n- [x] Any UI touched in this PR does not create any new axe failures\r\n(run axe in browser:\r\n[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),\r\n[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))\r\n- [x] This renders correctly on smaller devices using a responsive\r\nlayout. (Doesn't look great on phone screen, because viewing diff\r\nrequires a lot of horizontal space. Tablets are fine though.)\r\n- [x] This was checked for [cross-browser\r\ncompatibility](https://www.elastic.co/support/matrix#matrix_browsers)\r\n- [x] Functional changes are hidden behind a feature flag. If not\r\nhidden, the PR explains why these changes are being implemented in a\r\nlong-living feature branch.\r\n- [x] Comprehensive manual testing is done by two engineers: the PR\r\nauthor and one of the PR reviewers. Changes are tested in both ESS and\r\nServerless.\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine <[email protected]>\r\nCo-authored-by: Georgii Gorbachev <[email protected]>","sha":"e5a6b978b8eca4ac275b72e88415e2238315a241"}}]}] BACKPORT--> Co-authored-by: Nikita Indik <[email protected]>
Summary
Resolves: #169160
Resolves: #166164
Docs issue: elastic/security-docs#4371
This PR adds a new "Updates" tab to the prebuilt rules upgrade flyout. This tab shows a diff between the installed and updated rule JSON representations.
Checklist
Delete any items that are not applicable to this PR.