From e88c12a70d50bb43c4e933bb5dfb5e72d49a60ce Mon Sep 17 00:00:00 2001
From: Jonathan Buttner <56361221+jonathan-buttner@users.noreply.github.com>
Date: Tue, 4 Aug 2020 12:54:20 -0400
Subject: [PATCH] Using msearch for tree api endpoint (#73813)

---
 .../server/endpoint/routes/resolver/tree.ts   | 40 +++++--------------
 .../utils/children_lifecycle_query_handler.ts |  2 +-
 .../endpoint/routes/resolver/utils/fetch.ts   |  2 +-
 .../apis/index.ts                             |  4 +-
 .../apis/resolver/entity_id.ts                |  2 +-
 .../apis/resolver/index.ts                    | 16 ++++++++
 .../apis/resolver/tree.ts                     |  2 +-
 7 files changed, 30 insertions(+), 38 deletions(-)
 create mode 100644 x-pack/test/security_solution_endpoint_api_int/apis/resolver/index.ts

diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree.ts b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree.ts
index 33011078ee8233..02cddc3ddcf6ef 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree.ts
@@ -9,7 +9,6 @@ import { TypeOf } from '@kbn/config-schema';
 import { eventsIndexPattern, alertsIndexPattern } from '../../../../common/endpoint/constants';
 import { validateTree } from '../../../../common/endpoint/schema/resolver';
 import { Fetcher } from './utils/fetch';
-import { Tree } from './utils/tree';
 import { EndpointAppContext } from '../../types';
 
 export function handleTree(
@@ -17,42 +16,21 @@ export function handleTree(
   endpointAppContext: EndpointAppContext
 ): RequestHandler<TypeOf<typeof validateTree.params>, TypeOf<typeof validateTree.query>> {
   return async (context, req, res) => {
-    const {
-      params: { id },
-      query: {
-        children,
-        ancestors,
-        events,
-        alerts,
-        afterAlert,
-        afterEvent,
-        afterChild,
-        legacyEndpointID: endpointID,
-      },
-    } = req;
     try {
       const client = context.core.elasticsearch.legacy.client;
 
-      const fetcher = new Fetcher(client, id, eventsIndexPattern, alertsIndexPattern, endpointID);
+      const fetcher = new Fetcher(
+        client,
+        req.params.id,
+        eventsIndexPattern,
+        alertsIndexPattern,
+        req.query.legacyEndpointID
+      );
 
-      const [childrenNodes, ancestry, relatedEvents, relatedAlerts] = await Promise.all([
-        fetcher.children(children, afterChild),
-        fetcher.ancestors(ancestors),
-        fetcher.events(events, afterEvent),
-        fetcher.alerts(alerts, afterAlert),
-      ]);
-
-      const tree = new Tree(id, {
-        ancestry,
-        children: childrenNodes,
-        relatedEvents,
-        relatedAlerts,
-      });
-
-      const enrichedTree = await fetcher.stats(tree);
+      const tree = await fetcher.tree(req.query);
 
       return res.ok({
-        body: enrichedTree.render(),
+        body: tree.render(),
       });
     } catch (err) {
       log.warn(err);
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/utils/children_lifecycle_query_handler.ts b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/utils/children_lifecycle_query_handler.ts
index 8aaf809405d631..ab610dc9776caa 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/utils/children_lifecycle_query_handler.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/utils/children_lifecycle_query_handler.ts
@@ -66,6 +66,6 @@ export class ChildrenLifecycleQueryHandler implements SingleQueryHandler<Resolve
     }
 
     this.handleResponse(await this.query.search(client, this.childrenHelper.getEntityIDs()));
-    return this.getResults() || createChildren();
+    return this.getResults() ?? createChildren();
   }
 }
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/utils/fetch.ts b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/utils/fetch.ts
index feb165c308a91c..43c10d552ab4e1 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/resolver/utils/fetch.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/resolver/utils/fetch.ts
@@ -172,7 +172,7 @@ export class Fetcher {
     );
 
     // now that we have all the start events get the full lifecycle nodes
-    childrenLifecycleHandler.search(this.client);
+    await childrenLifecycleHandler.search(this.client);
 
     const tree = new Tree(this.id, {
       ancestry: ancestryHandler.getResults(),
diff --git a/x-pack/test/security_solution_endpoint_api_int/apis/index.ts b/x-pack/test/security_solution_endpoint_api_int/apis/index.ts
index 90db224f31839d..8b4a73b7eb848b 100644
--- a/x-pack/test/security_solution_endpoint_api_int/apis/index.ts
+++ b/x-pack/test/security_solution_endpoint_api_int/apis/index.ts
@@ -26,9 +26,7 @@ export default function endpointAPIIntegrationTests(providerContext: FtrProvider
     before(async () => {
       await ingestManager.setup();
     });
-    loadTestFile(require.resolve('./resolver/entity_id'));
-    loadTestFile(require.resolve('./resolver/tree'));
-    loadTestFile(require.resolve('./resolver/children'));
+    loadTestFile(require.resolve('./resolver/index'));
     loadTestFile(require.resolve('./metadata'));
     loadTestFile(require.resolve('./policy'));
     loadTestFile(require.resolve('./artifacts'));
diff --git a/x-pack/test/security_solution_endpoint_api_int/apis/resolver/entity_id.ts b/x-pack/test/security_solution_endpoint_api_int/apis/resolver/entity_id.ts
index 231871fae3d39a..cb6c49e17c7125 100644
--- a/x-pack/test/security_solution_endpoint_api_int/apis/resolver/entity_id.ts
+++ b/x-pack/test/security_solution_endpoint_api_int/apis/resolver/entity_id.ts
@@ -16,7 +16,7 @@ import {
 } from '../../../../plugins/security_solution/common/endpoint/generate_data';
 import { InsertedEvents } from '../../services/resolver';
 
-export default function resolverAPIIntegrationTests({ getService }: FtrProviderContext) {
+export default function ({ getService }: FtrProviderContext) {
   const supertest = getService('supertest');
   const resolver = getService('resolverGenerator');
   const generator = new EndpointDocGenerator('resolver');
diff --git a/x-pack/test/security_solution_endpoint_api_int/apis/resolver/index.ts b/x-pack/test/security_solution_endpoint_api_int/apis/resolver/index.ts
new file mode 100644
index 00000000000000..dc9a1fab9ec020
--- /dev/null
+++ b/x-pack/test/security_solution_endpoint_api_int/apis/resolver/index.ts
@@ -0,0 +1,16 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+import { FtrProviderContext } from '../../ftr_provider_context';
+
+export default function (providerContext: FtrProviderContext) {
+  const { loadTestFile } = providerContext;
+
+  describe('Resolver tests', () => {
+    loadTestFile(require.resolve('./entity_id'));
+    loadTestFile(require.resolve('./children'));
+    loadTestFile(require.resolve('./tree'));
+  });
+}
diff --git a/x-pack/test/security_solution_endpoint_api_int/apis/resolver/tree.ts b/x-pack/test/security_solution_endpoint_api_int/apis/resolver/tree.ts
index 758e26fd5eeced..7b511c3be74b54 100644
--- a/x-pack/test/security_solution_endpoint_api_int/apis/resolver/tree.ts
+++ b/x-pack/test/security_solution_endpoint_api_int/apis/resolver/tree.ts
@@ -230,7 +230,7 @@ const verifyLifecycleStats = (
   }
 };
 
-export default function resolverAPIIntegrationTests({ getService }: FtrProviderContext) {
+export default function ({ getService }: FtrProviderContext) {
   const supertest = getService('supertest');
   const esArchiver = getService('esArchiver');
   const resolver = getService('resolverGenerator');