-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security Solution] Return user-customized fields from the POST /prebuilt_rules/upgrade/_review
API endpoint even if they haven't been updated by Elastic in the target version
#180154
Comments
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
Pinging @elastic/security-solution (Team: SecuritySolution) |
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management) |
POST /prebuilt_rules/upgrade/_review_
API endpoint even if they haven't been updated by Elastic in the target versionPOST /prebuilt_rules/upgrade/_review_
API endpoint even if they haven't been updated by Elastic in the target version (DRAFT)
POST /prebuilt_rules/upgrade/_review_
API endpoint even if they haven't been updated by Elastic in the target version (DRAFT)POST /prebuilt_rules/upgrade/_review
API endpoint even if they haven't been updated by Elastic in the target version (DRAFT)
POST /prebuilt_rules/upgrade/_review
API endpoint even if they haven't been updated by Elastic in the target version (DRAFT)POST /prebuilt_rules/upgrade/_review
API endpoint even if they haven't been updated by Elastic in the target version
I've added this in #184889 for future diffing logic to adhere to when full prebuilt rule customization is implemented. In the meantime, this is the way the current per-field diff UI handles returning the
|
@dplumlee Great update and questions, thank you. I agree that the best way to proceed would be:
As far as I understand, we already have the same issue in the JSON diff UI. Since we don't use the |
) ## Summary Completes related tickets: #180160 and #180158 Switches fields to use the diff algorithms assigned to them in the related tickets Adds integration tests in accordance to #184484 for the `upgrade/_review` API endpoint for the simple diff algorithm. Also changes logic in the `upgrade/_review` API endpoint to return user customized fields in the diffs even if there was not an update for that field. This new logic is described in #180154. We filter out the fields that fall under this new logic so that they are only returned from the API but not displayed in the per-field rule diff flyout as the current UI cannot support them. They are utilized in testing logic and will be implemented in the UI at a later date ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) --------- Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
@dplumlee @jpdjere @nikitaindik @xcrzx As a follow-up to our chat yesterday, I'm posting an update and closing this ticket. The issue was addressed in #184889:
We now return all the diffs from the API except Lines 123 to 127 in 74c4d3a
And Lines 42 to 58 in 74c4d3a
We will address this in #171520. |
Epics: https://github.com/elastic/security-team/issues/1974 (internal), #174168
Summary
POST /prebuilt_rules/upgrade/_review
API endpoint even if they haven't been updated by Elastic in the target version.Background
diff.fields
property of the endpoint's response if the outcome of the diff for that field is:StockValueCanUpdate = 'BASE=A, CURRENT=A, TARGET=B'
CustomizedValueCanUpdate = 'BASE=A, CURRENT=B, TARGET=C',
We need to expand these scenarios so that also a field diff is returned in
diff.fields
if the diff outcome is, additionally:CustomizedValueNoUpdate = 'BASE=A, CURRENT=B, TARGET=A'
and'CustomizedValueSameUpdate = 'BASE=A, CURRENT=B, TARGET=B'
NOTE: in the Upgrade Workflow UI, these fields will appear auto-accepted and collapsed, with the accepted version of the field being the current value of the rule.
The text was updated successfully, but these errors were encountered: