[Security Solution] JSON diff view for prebuilt rule upgrade flow #172535
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
nikitaindik
added
backport:skip
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
jpdjere
reviewed
Dec 5, 2023
Comment on lines
273
to
294
| const getRuleTabs = useCallback( | ||
| (rule: RuleResponse, defaultTabs: EuiTabbedContentTab[]): EuiTabbedContentTab[] => { | ||
| const activeRule = filteredRules.find(({ id }) => id === rule.id); | ||
|
|
||
| if (!activeRule) { | ||
| return defaultTabs; | ||
| } | ||
|
|
||
| const diffTab = { | ||
| id: 'updates', | ||
| name: ruleDetailsI18n.UPDATES_TAB_LABEL, | ||
| content: ( | ||
| <TabContentPadding> | ||
| <RuleDiffTab oldRule={activeRule.current_rule} newRule={activeRule.target_rule} /> | ||
| </TabContentPadding> | ||
| ), | ||
| }; | ||
|
|
||
| return [diffTab, ...defaultTabs]; | ||
| }, | ||
| [filteredRules] | ||
| ); |
There was a problem hiding this comment.
I feel the logic for this function is somewhat complicated, since we pass this function to RuleDetailsFlyout and expect the defaultTabs to be created and passed there, with no clear understanding here of what they are.
I think we can simplify and make this logic less tightly coupled by making getRuleTabs only return the diffTab if there's an active rule, or nothing if not:
const getRuleTabs = useCallback(
(rule: RuleResponse,): EuiTabbedContentTab[] => {
const activeRule = filteredRules.find(({ id }) => id === rule.id);
if (!activeRule || !isJsonPrebuiltRulesDiffingEnabled) {
return;
}
const diffTab = {
id: 'updates',
name: ruleDetailsI18n.UPDATES_TAB_LABEL,
content: (
<TabContentPadding>
<RuleDiffTab oldRule={activeRule.current_rule} newRule={activeRule.target_rule} />
</TabContentPadding>
),
};
return diffTab;
},
[filteredRules]
);And then within RuleDetailsFlyout, tabs can have a clearer logic:
const tabs = useMemo(() => {
let tabs = [overviewTab];
if (rule.note) {
tabs.push(investigationGuideTab);
}
const diffTab = getRuleTabs(rule);
if (diffTab) {
tabs = [diffTab, ...tabs];
}
return tabs;
}, [overviewTab, investigationGuideTab, rule, getRuleTabs]);There was a problem hiding this comment.
And in that case, I would actually rename getRuleTabs to something like getRuleDiffTab. It has a single responsibility now that is checking and getting the diff tab, completely independently from the other tabs.
There was a problem hiding this comment.
One additional nit: To create the tab here you had to export TabContentPadding from rule_details_flyout.tsx into this parent component, which look anti-pattern-ny to me.
I think here you could just return:
const diffTab = {
id: 'updates',
name: ruleDetailsI18n.UPDATES_TAB_LABEL,
content: <RuleDiffTab oldRule={activeRule.current_rule} newRule={activeRule.target_rule} />
}; And then within RuleDetailsFlyout, wrap the component there so you don't have to export it.
const tabs = useMemo(() => {
let tabs = [overviewTab];
if (rule.note) {
tabs.push(investigationGuideTab);
}
const diffTab = getRuleTabs(rule);
if (diffTab) {
const paddedDiffTab = (
<TabContentPadding>
{diffTab}
</TabContentPadding>
)
tabs = [paddedDiffTab, ...tabs];
}
return tabs;
}, [overviewTab, investigationGuideTab, rule, getRuleTabs]); 
There was a problem hiding this comment.
++ we have a similar logic structure in the alerts table with default columns and it makes it very difficult to understand out of context and build upon.
There was a problem hiding this comment.
@dplumlee Just had a conversation with @jpdjere about this. We ended up deciding to refactor this part in a way that's easier to understand but still keeping RuleDetailsFlyout agnostic of which extra tabs it contains. Ideally we'd want to keep RuleDetailsFlyout unaware of the diffs if we want to reuse it on the MITRE page. I pushed the changes. Does this look fine to you?
jpdjere
reviewed
Dec 5, 2023
...tion/public/detection_engine/rule_management/components/rule_details/json_diff/diff_view.tsx
Outdated
Show resolved
Hide resolved
nikitaindik
force-pushed
the
json-diff-for-rule-upgrade
branch
from
b5fd548
to
fd75065
Compare
nikitaindik
commented
Dec 5, 2023
packages/kbn-failed-test-reporter-cli/failed_tests_reporter/add_messages_to_report.test.ts
Show resolved
Hide resolved
jpdjere
reviewed
Dec 5, 2023
...tion/public/detection_engine/rule_management/components/rule_details/json_diff/diff_view.tsx
Outdated
Show resolved
Hide resolved
jpdjere
reviewed
Dec 5, 2023
...tion/public/detection_engine/rule_management/components/rule_details/json_diff/diff_view.tsx
Outdated
Show resolved
Hide resolved
|
One issue I'm seeing is that, when I patch/update a rule to test the diff, the
When the rule is updated, the I'm trying to see if this is something we should fix in the Same with the |
jbudz
approved these changes
Dec 5, 2023
So the issue is actually in the In the file const targetRule: RuleResponse = {
...convertPrebuiltRuleAssetToRuleResponse(targetVersion),
id: installedCurrentVersion.id,
};and should be: const targetRule: RuleResponse = {
...convertPrebuiltRuleAssetToRuleResponse(targetVersion),
id: installedCurrentVersion.id,
revision: installedCurrentVersion.revision + 1,
};since With this fix, the diff will show an update of My opinion is that we should hide it from the user (although not necessarily in this PR due to time constraints, but as a follow-up). Maybe @banderror has an opinion? |
|
Actually, we need a slightly larger fix in:
const targetRule: RuleResponse = {
...convertPrebuiltRuleAssetToRuleResponse(targetVersion),
id: installedCurrentVersion.id,
revision: installedCurrentVersion.revision + 1,
created_at: installedCurrentVersion.created_at,
updated_at: new Date().toISOString(),
updated_by: installedCurrentVersion.updated_by,
created_by: installedCurrentVersion.created_by,
};because:
|
nikitaindik
force-pushed
the
json-diff-for-rule-upgrade
branch
from
da2b4ec
to
04750b5
Compare
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]Module Count
Async chunks
Page load bundle
Unknown metric groupsESLint disabled line counts
Total ESLint disabled count
History
To update your PR or re-run it, just comment with: cc @nikitaindik |
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Dec 8, 2023
…astic#172535) ## Summary **Resolves: elastic#169160 **Resolves: elastic#166164 **Docs issue: elastic/security-docs#4371 This PR adds a new "Updates" tab to the prebuilt rules upgrade flyout. This tab shows a diff between the installed and updated rule JSON representations. <img width="1313" alt="Schermafbeelding 2023-12-05 om 02 48 37" src="https://github.com/elastic/kibana/assets/15949146/ec0f95c6-22c6-4ce6-a6cc-0ceee974c6f7"> ### Checklist Delete any items that are not applicable to this PR. - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [x] Functional changes are communicated to the Docs team. A ticket or PR is opened in https://github.com/elastic/security-docs. The following information is included: any feature flags used, affected environments (Serverless, ESS, or both). ([Docs issue](elastic/security-docs#4371)) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials ([Docs issue](elastic/security-docs#4371)) - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios (will be added in a follow-up PR) - [ ] Functional changes are covered with a test plan and automated tests (will be added in a follow-up PR) - [x] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/)) - [x] Any UI touched in this PR does not create any new axe failures (run axe in browser: [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/), [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US)) - [x] This renders correctly on smaller devices using a responsive layout. (Doesn't look great on phone screen, because viewing diff requires a lot of horizontal space. Tablets are fine though.) - [x] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers) - [x] Functional changes are hidden behind a feature flag. If not hidden, the PR explains why these changes are being implemented in a long-living feature branch. - [x] Comprehensive manual testing is done by two engineers: the PR author and one of the PR reviewers. Changes are tested in both ESS and Serverless. --------- Co-authored-by: kibanamachine <[email protected]> Co-authored-by: Georgii Gorbachev <[email protected]> (cherry picked from commit e5a6b97)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
kibanamachine
added a commit
that referenced
this pull request
Dec 8, 2023
…low (#172535) (#172957) # Backport This will backport the following commits from `main` to `8.12`: - [[Security Solution] JSON diff view for prebuilt rule upgrade flow (#172535)](#172535) <!--- Backport version: 8.9.7 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Nikita Indik","email":"[email protected]"},"sourceCommit":{"committedDate":"2023-12-08T15:16:42Z","message":"[Security Solution] JSON diff view for prebuilt rule upgrade flow (#172535)\n\n## Summary\r\n\r\n**Resolves: https://github.com/elastic/kibana/issues/169160**\r\n**Resolves: https://github.com/elastic/kibana/issues/166164**\r\n**Docs issue: https://github.com/elastic/security-docs/issues/4371**\r\n\r\nThis PR adds a new \"Updates\" tab to the prebuilt rules upgrade flyout.\r\nThis tab shows a diff between the installed and updated rule JSON\r\nrepresentations.\r\n\r\n<img width=\"1313\" alt=\"Schermafbeelding 2023-12-05 om 02 48 37\"\r\nsrc=\"https://github.com/elastic/kibana/assets/15949146/ec0f95c6-22c6-4ce6-a6cc-0ceee974c6f7\">\r\n\r\n\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [x] Any text added follows [EUI's writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\r\nsentence case text and includes [i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n- [x] Functional changes are communicated to the Docs team. A ticket or\r\nPR is opened in https://github.com/elastic/security-docs. The following\r\ninformation is included: any feature flags used, affected environments\r\n(Serverless, ESS, or both). ([Docs\r\nissue](https://github.com/elastic/security-docs/issues/4371))\r\n- [ ]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas added for features that require explanation or tutorials ([Docs\r\nissue](https://github.com/elastic/security-docs/issues/4371))\r\n- [ ] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios (will be added\r\nin a follow-up PR)\r\n- [ ] Functional changes are covered with a test plan and automated\r\ntests (will be added in a follow-up PR)\r\n- [x] Any UI touched in this PR is usable by keyboard only (learn more\r\nabout [keyboard accessibility](https://webaim.org/techniques/keyboard/))\r\n- [x] Any UI touched in this PR does not create any new axe failures\r\n(run axe in browser:\r\n[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),\r\n[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))\r\n- [x] This renders correctly on smaller devices using a responsive\r\nlayout. (Doesn't look great on phone screen, because viewing diff\r\nrequires a lot of horizontal space. Tablets are fine though.)\r\n- [x] This was checked for [cross-browser\r\ncompatibility](https://www.elastic.co/support/matrix#matrix_browsers)\r\n- [x] Functional changes are hidden behind a feature flag. If not\r\nhidden, the PR explains why these changes are being implemented in a\r\nlong-living feature branch.\r\n- [x] Comprehensive manual testing is done by two engineers: the PR\r\nauthor and one of the PR reviewers. Changes are tested in both ESS and\r\nServerless.\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine <[email protected]>\r\nCo-authored-by: Georgii Gorbachev <[email protected]>","sha":"e5a6b978b8eca4ac275b72e88415e2238315a241","branchLabelMapping":{"^v8.13.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Team:Detections and Resp","Team: SecuritySolution","release_note:feature","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","v8.12.0","v8.13.0"],"number":172535,"url":"https://github.com/elastic/kibana/pull/172535","mergeCommit":{"message":"[Security Solution] JSON diff view for prebuilt rule upgrade flow (#172535)\n\n## Summary\r\n\r\n**Resolves: https://github.com/elastic/kibana/issues/169160**\r\n**Resolves: https://github.com/elastic/kibana/issues/166164**\r\n**Docs issue: https://github.com/elastic/security-docs/issues/4371**\r\n\r\nThis PR adds a new \"Updates\" tab to the prebuilt rules upgrade flyout.\r\nThis tab shows a diff between the installed and updated rule JSON\r\nrepresentations.\r\n\r\n<img width=\"1313\" alt=\"Schermafbeelding 2023-12-05 om 02 48 37\"\r\nsrc=\"https://github.com/elastic/kibana/assets/15949146/ec0f95c6-22c6-4ce6-a6cc-0ceee974c6f7\">\r\n\r\n\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [x] Any text added follows [EUI's writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\r\nsentence case text and includes [i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n- [x] Functional changes are communicated to the Docs team. A ticket or\r\nPR is opened in https://github.com/elastic/security-docs. The following\r\ninformation is included: any feature flags used, affected environments\r\n(Serverless, ESS, or both). ([Docs\r\nissue](https://github.com/elastic/security-docs/issues/4371))\r\n- [ ]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas added for features that require explanation or tutorials ([Docs\r\nissue](https://github.com/elastic/security-docs/issues/4371))\r\n- [ ] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios (will be added\r\nin a follow-up PR)\r\n- [ ] Functional changes are covered with a test plan and automated\r\ntests (will be added in a follow-up PR)\r\n- [x] Any UI touched in this PR is usable by keyboard only (learn more\r\nabout [keyboard accessibility](https://webaim.org/techniques/keyboard/))\r\n- [x] Any UI touched in this PR does not create any new axe failures\r\n(run axe in browser:\r\n[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),\r\n[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))\r\n- [x] This renders correctly on smaller devices using a responsive\r\nlayout. (Doesn't look great on phone screen, because viewing diff\r\nrequires a lot of horizontal space. Tablets are fine though.)\r\n- [x] This was checked for [cross-browser\r\ncompatibility](https://www.elastic.co/support/matrix#matrix_browsers)\r\n- [x] Functional changes are hidden behind a feature flag. If not\r\nhidden, the PR explains why these changes are being implemented in a\r\nlong-living feature branch.\r\n- [x] Comprehensive manual testing is done by two engineers: the PR\r\nauthor and one of the PR reviewers. Changes are tested in both ESS and\r\nServerless.\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine <[email protected]>\r\nCo-authored-by: Georgii Gorbachev <[email protected]>","sha":"e5a6b978b8eca4ac275b72e88415e2238315a241"}},"sourceBranch":"main","suggestedTargetBranches":["8.12"],"targetPullRequestStates":[{"branch":"8.12","label":"v8.12.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.13.0","labelRegex":"^v8.13.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/172535","number":172535,"mergeCommit":{"message":"[Security Solution] JSON diff view for prebuilt rule upgrade flow (#172535)\n\n## Summary\r\n\r\n**Resolves: https://github.com/elastic/kibana/issues/169160**\r\n**Resolves: https://github.com/elastic/kibana/issues/166164**\r\n**Docs issue: https://github.com/elastic/security-docs/issues/4371**\r\n\r\nThis PR adds a new \"Updates\" tab to the prebuilt rules upgrade flyout.\r\nThis tab shows a diff between the installed and updated rule JSON\r\nrepresentations.\r\n\r\n<img width=\"1313\" alt=\"Schermafbeelding 2023-12-05 om 02 48 37\"\r\nsrc=\"https://github.com/elastic/kibana/assets/15949146/ec0f95c6-22c6-4ce6-a6cc-0ceee974c6f7\">\r\n\r\n\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [x] Any text added follows [EUI's writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\r\nsentence case text and includes [i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n- [x] Functional changes are communicated to the Docs team. A ticket or\r\nPR is opened in https://github.com/elastic/security-docs. The following\r\ninformation is included: any feature flags used, affected environments\r\n(Serverless, ESS, or both). ([Docs\r\nissue](https://github.com/elastic/security-docs/issues/4371))\r\n- [ ]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas added for features that require explanation or tutorials ([Docs\r\nissue](https://github.com/elastic/security-docs/issues/4371))\r\n- [ ] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios (will be added\r\nin a follow-up PR)\r\n- [ ] Functional changes are covered with a test plan and automated\r\ntests (will be added in a follow-up PR)\r\n- [x] Any UI touched in this PR is usable by keyboard only (learn more\r\nabout [keyboard accessibility](https://webaim.org/techniques/keyboard/))\r\n- [x] Any UI touched in this PR does not create any new axe failures\r\n(run axe in browser:\r\n[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),\r\n[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))\r\n- [x] This renders correctly on smaller devices using a responsive\r\nlayout. (Doesn't look great on phone screen, because viewing diff\r\nrequires a lot of horizontal space. Tablets are fine though.)\r\n- [x] This was checked for [cross-browser\r\ncompatibility](https://www.elastic.co/support/matrix#matrix_browsers)\r\n- [x] Functional changes are hidden behind a feature flag. If not\r\nhidden, the PR explains why these changes are being implemented in a\r\nlong-living feature branch.\r\n- [x] Comprehensive manual testing is done by two engineers: the PR\r\nauthor and one of the PR reviewers. Changes are tested in both ESS and\r\nServerless.\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine <[email protected]>\r\nCo-authored-by: Georgii Gorbachev <[email protected]>","sha":"e5a6b978b8eca4ac275b72e88415e2238315a241"}}]}] BACKPORT--> Co-authored-by: Nikita Indik <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Resolves: #169160
Resolves: #166164
Docs issue: elastic/security-docs#4371
This PR adds a new "Updates" tab to the prebuilt rules upgrade flyout. This tab shows a diff between the installed and updated rule JSON representations.
Checklist
Delete any items that are not applicable to this PR.