[Osquery] 7.14 bug squash #105387

Merged Jul 20, 2021 (15 commits)

lykkin commented Jul 13, 2021

Summary

Fixes:

  • Telemetry stats now accurately reflect query cardinality in groups + will no longer error when the saved objects go missing.

  • Saved query and scheduled query IDs must now be unique.

  • Unhealthy agents will now appear in the live query agent selector, making the list more consistent with the aggregate group numbers.

  • Added an error message to expired live queries.

lykkin added labels Jul 13, 2021: bug, v8.0.0, release_note:skip, v7.14.0, Team:Asset Management, Feature:Osquery, auto-backport, v7.15.0
lykkin requested a review from a team as a code owner July 13, 2021 06:58
@elasticmachine

Pinging @elastic/security-asset-management (Team:Asset Management)

export const useSavedQueryForm = ({ defaultValue, handleSubmit }: UseSavedQueryFormProps) =>
useForm({
export const useSavedQueryForm = ({ defaultValue, handleSubmit }: UseSavedQueryFormProps) => {
const { data } = useSavedQueries({});
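Review bot: calling `useSavedQueries({})` inside `useSavedQueryForm` makes the uniqueness check only as complete as whatever that hook returns with default options. If the result is paged, or `data` is still undefined while the request is in flight, a duplicate id will pass validation. Suggest treating an unloaded `data` as "cannot validate yet" rather than "no conflicts", and keeping a uniqueness check at the point where the saved object is written.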
Contributor

can we move it to the backend?

Contributor Author

i like the idea of having it fail validation eagerly, but i also like the idea of having redundant protections. i'll add a check in the backend for both this and the scheduled query endpoint

Contributor Author

i added additional logic to the saved query endpoints, but skipped on the scheduled query endpoints since it seems like they are commented out currently. it seems like all the saved object write logic is done on the frontend anyway, from what i can tell; the saved query ui elements don't actually call into the backend, unless i'm missing something.

Contributor

you're right 🤦
maybe let's move the validation fix to 7.15 and in this PR only merge telemetry, expired message, and agents count?
as we're going to introduce new logic for packs in 7.15 maybe we will be able to solve the validation differently

Contributor Author

i'll rip out the backend logic, but i think it's worthwhile to keep the frontend validation in place to avoid the duplicate id problem. we can always rip it out when we implement something more general purpose.

Contributor

Contributor Author

it makes a lot of sense to me to put defensive logic around the points where the data is created/modified, so that sounds great. i'll add that.

id: SAVED_QUERY_FORM_ID + uuid.v4(),
schema: formSchema,
onSubmit: handleSubmit,
onSubmit: async (formData, isValid) => {
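Review bot: the new `onSubmit: async (formData, isValid) => {` wrapper replaces a direct `onSubmit: handleSubmit`, so anything `handleSubmit` returns or throws now has to pass through the wrapper. The wrapper should return early when `isValid` is false and `await` (or return) the `handleSubmit` call so a failed save is not silently dropped. A one-line comment explaining why the gate lives here would also help the next reader.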
Contributor Author

the forms were submitting even when they were invalid before, so i gated them on an isValid check. let me know if there's a better place to put this logic.
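
The layering discussed in this thread (eager form validation, a submit gated on `isValid`, and a second check where the data is written), as an added TypeScript example that is not code from this PR. `validateUniqueId`, `gateOnValid` and `SavedQueryStore` are hypothetical names, and the store is an in-memory stand-in for the saved-object write path.

```typescript
type ValidationResult = { isValid: boolean; error?: string };

// Form-side check: eager feedback against the ids the UI has already loaded.
function validateUniqueId(id: string, takenIds: ReadonlySet<string>, editingId?: string): ValidationResult {
  const candidate = id.trim();
  if (candidate === "") return { isValid: false, error: "ID is required" };
  // A query being edited may keep its own id.
  if (candidate !== editingId && takenIds.has(candidate)) {
    return { isValid: false, error: `ID "${candidate}" must be unique` };
  }
  return { isValid: true };
}

// Submit gate: the real handler runs only when form validation passed.
function gateOnValid<T>(handleSubmit: (data: T) => void) {
  return (data: T, isValid: boolean): boolean => {
    if (!isValid) return false;
    handleSubmit(data);
    return true;
  };
}

// Write-path check (hypothetical store): re-validates because a client's id list can be stale.
class SavedQueryStore {
  private readonly taken = new Set<string>();
  create(id: string): ValidationResult {
    const result = validateUniqueId(id, this.taken);
    if (result.isValid) this.taken.add(id.trim());
    return result;
  }
  snapshot(): Set<string> { return new Set(this.taken); }
}

// Constructed scenario: the form loaded its id list before another writer created "uptime".
function demo(): string[] {
  const store = new SavedQueryStore();
  store.create("users");
  const staleIds = store.snapshot();
  store.create("uptime");
  const log: string[] = [];
  const submit = gateOnValid((d: { id: string }) => {
    log.push(`${d.id}: ${store.create(d.id).isValid ? "saved" : "rejected on write"}`);
  });
  for (const id of ["users", "uptime", "processes"]) {
    if (!submit({ id }, validateUniqueId(id, staleIds).isValid)) log.push(`${id}: blocked in form`);
  }
  return log;
}
```

The "uptime" case is the one the form alone cannot catch: it passes the stale client-side check and is only stopped by the check on the write path.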

lykkin requested a review from patrykkopycinski July 14, 2021 23:25
const ids = useMemo<string[]>(
() =>
data?.items
.find((value) => value.id === scheduledQueryGroupId)
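Review bot: in `data?.items.find((value) => value.id === scheduledQueryGroupId)`, `find` returns undefined when no group matches, and the whole chain is undefined while `data` has not loaded, so the rest of the expression needs optional access and a `?? []` fallback for the `useMemo<string[]>` type to hold. The lookup also re-scans every group on each recompute; if the caller already holds the group, pass it in instead.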
Contributor

as we are validating it now against the same scheduledQueryGroupId maybe we could just pass idSet directly to useScheduledQueryGroupQueryForm ?

Contributor Author

currently idSet is only used by the form to validate, the hook retrieving the saved queries doesn't do any of that validation. were you thinking that the hook could be responsible for populating the set and pass it back?

i'm going to remove the find call and pass that into the hook at the least, as that will be less wasteful.

lykkin commented Jul 16, 2021

@elasticmachine merge upstream

lykkin commented Jul 19, 2021

@elasticmachine merge upstream

lykkin requested a review from patrykkopycinski July 20, 2021 01:35
@kibanamachine

💚 Build Succeeded

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

| id | before | after | diff |
| --- | --- | --- | --- |
| osquery | 909.3KB | 912.0KB | +2.7KB |

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

patrykkopycinski merged commit dd159f1 into elastic:master Jul 20, 2021
kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Jul 20, 2021
@kibanamachine

💚 Backport successful

Status Branch Result
7.14
7.x

The backport PRs will be merged automatically after passing CI.

kibanamachine added a commit that referenced this pull request Jul 20, 2021
Co-authored-by: Bryan Clement <bclement01@gmail.com>