elastic · patrykkopycinski · May 25, 2022 · May 24, 2022 · May 24, 2022 · May 24, 2022
@@ -79,7 +79,7 @@ describe('ALL - Add Integration', () => {
   it('should have integration and packs copied when upgrading integration', () => {
     const packageName = 'osquery_manager';
     const oldVersion = '1.2.0';
-    const newVersion = '1.3.0';
+    const newVersion = '1.3.1';
 
     cy.visit(`app/integrations/detail/${packageName}-${oldVersion}/overview`);
     cy.contains('Add Osquery Manager').click();

@@ -17,7 +17,6 @@ import {
 import { FormattedMessage } from '@kbn/i18n-react';
 import React, { useCallback, useEffect, useMemo, useState } from 'react';
 import { useMutation } from 'react-query';
-import deepMerge from 'deepmerge';
 import styled from 'styled-components';
 
 import { pickBy, isEmpty, map } from 'lodash';
@@ -110,8 +109,13 @@ const LiveQueryFormComponent: React.FC<LiveQueryFormProps> = ({
     options: {
       stripEmptyFields: false,
     },
-    // eslint-disable-next-line @typescript-eslint/naming-convention
-    serializer: ({ savedQueryId, ecs_mapping, ...formData }) =>
+    // @ts-expect-error update types
+    serializer: ({
+      savedQueryId,
+      // eslint-disable-next-line @typescript-eslint/naming-convention
+      ecs_mapping,
+      ...formData
+    }) =>
       pickBy(
         {
           ...formData,
@@ -120,20 +124,17 @@ const LiveQueryFormComponent: React.FC<LiveQueryFormProps> = ({
         },
         (value) => !isEmpty(value)
       ),
-    defaultValue: deepMerge(
-      {
-        agentSelection: {
-          agents: [],
-          allAgentsSelected: false,
-          platformsSelected: [],
-          policiesSelected: [],
-        },
-        query: '',
-        savedQueryId: null,
-        ecs_mapping: [],
+    defaultValue: {
+      agentSelection: {
+        agents: [],
+        allAgentsSelected: false,
+        platformsSelected: [],
+        policiesSelected: [],
       },
-      defaultValue ?? {}
-    ),
+      query: '',
+      savedQueryId: null,
+      ecs_mapping: [],
+    },
   });
 
   const { updateFieldValues, setFieldValue, submit, isSubmitting } = form;
@@ -182,6 +183,7 @@ const LiveQueryFormComponent: React.FC<LiveQueryFormProps> = ({
         updateFieldValues({
           query: savedQuery.query,
           savedQueryId: savedQuery.savedQueryId,
+          // @ts-expect-error update types
           ecs_mapping: savedQuery.ecs_mapping
             ? map(savedQuery.ecs_mapping, (value, key) => ({
                 key,
@@ -359,6 +361,7 @@ const LiveQueryFormComponent: React.FC<LiveQueryFormProps> = ({
         agentSelection: defaultValue.agentSelection,
         query: defaultValue.query,
         savedQueryId: defaultValue.savedQueryId,
+        // @ts-expect-error update types
         ecs_mapping: defaultValue.ecs_mapping
           ? map(defaultValue.ecs_mapping, (value, key) => ({
               key,

@@ -143,7 +143,7 @@ const QueriesFieldComponent: React.FC<QueriesFieldProps> = ({
               pickBy(
                 {
                   id: newQueryId,
-                  interval: newQuery.interval ?? parsedContent.interval,
+                  interval: newQuery.interval ?? parsedContent.interval ?? '3600',
                   query: newQuery.query,
                   version: newQuery.version ?? parsedContent.version,
                   platform: getSupportedPlatforms(newQuery.platform ?? parsedContent.platform),

@@ -398,7 +398,7 @@ const OsqueryColumnFieldComponent: React.FC<OsqueryColumnFieldProps> = ({
       return ecsKeySchemaOption?.value?.normalization !== 'array';
     }
 
-    return true;
+    return !!ecsKey?.length;
   }, [typeValue, formData, item.path]);
 
   const onTypeChange = useCallback(
@@ -637,6 +637,7 @@ export const ECSMappingEditorForm: React.FC<ECSMappingEditorFormProps> = ({
               osquerySchemaOptions,
               editForm: !isLastItem,
             },
+            readDefaultValueOnForm: !item.isNew,
             config: {
               valueChangeDebounceTime: 300,
               type: FIELD_TYPES.COMBO_BOX,
@@ -702,6 +703,7 @@ export const ECSMappingEditorForm: React.FC<ECSMappingEditorFormProps> = ({
                 component={ECSComboboxField}
                 euiFieldProps={ecsComboBoxEuiFieldProps}
                 validationData={validationData}
+                readDefaultValueOnForm={!item.isNew}
                 // @ts-expect-error update types
                 config={config}
               />
@@ -1017,7 +1019,9 @@ export const ECSMappingEditorField = React.memo(
         if (itemKey) {
           const serializedFormData = formDataSerializer();
           const itemValue =
-            serializedFormData.ecs_mapping && serializedFormData.ecs_mapping[`${itemKey}`]?.field;
+            serializedFormData.ecs_mapping &&
+            (serializedFormData.ecs_mapping[`${itemKey}`]?.field ||
+              serializedFormData.ecs_mapping[`${itemKey}`]?.value);
 
           if (itemValue && onAdd.current) {
             onAdd.current();

@@ -30,6 +30,7 @@ import { ALL_OSQUERY_VERSIONS_OPTIONS } from './constants';
 import { UsePackQueryFormProps, PackFormData, usePackQueryForm } from './use_pack_query_form';
 import { SavedQueriesDropdown } from '../../saved_queries/saved_queries_dropdown';
 import { ECSMappingEditorField } from './lazy_ecs_mapping_editor_field';
+import { useKibana } from '../../common/lib/kibana';
 
 const CommonUseField = getUseField({ component: Field });
 
@@ -46,6 +47,7 @@ const QueryFlyoutComponent: React.FC<QueryFlyoutProps> = ({
   onSave,
   onClose,
 }) => {
+  const permissions = useKibana().services.application.capabilities.osquery;
   const [isEditMode] = useState(!!defaultValue);
   const { form } = usePackQueryForm({
     uniqueQueryIds,
@@ -117,7 +119,7 @@ const QueryFlyoutComponent: React.FC<QueryFlyoutProps> = ({
       </EuiFlyoutHeader>
       <EuiFlyoutBody>
         <Form form={form}>
-          {!isEditMode ? (
+          {!isEditMode && permissions.readSavedQueries ? (
             <>
               <SavedQueriesDropdown onChange={handleSetQueryValue} />
               <EuiSpacer />

@@ -14,7 +14,7 @@ import { FIELD_TYPES } from '../../shared_imports';
 
 import {
   createIdFieldValidations,
-  intervalFieldValidation,
+  intervalFieldValidations,
   queryFieldValidation,
 } from './validations';
 
@@ -46,7 +46,7 @@ export const createFormSchema = (ids: Set<string>) => ({
     label: i18n.translate('xpack.osquery.pack.queryFlyoutForm.intervalFieldLabel', {
       defaultMessage: 'Interval (s)',
     }),
-    validations: [{ validator: intervalFieldValidation }],
+    validations: intervalFieldValidations,
   },
   platform: {
     type: FIELD_TYPES.TEXT,

@@ -7,7 +7,7 @@
 
 import { i18n } from '@kbn/i18n';
 
-import { ValidationFunc, fieldValidators } from '../../shared_imports';
+import { ValidationConfig, ValidationFunc, fieldValidators } from '../../shared_imports';
 export { queryFieldValidation } from '../../common/validations';
 
 const idPattern = /^[a-zA-Z0-9-_]+$/;
@@ -48,14 +48,30 @@ export const createIdFieldValidations = (ids: Set<string>) => [
   createUniqueIdValidation(ids),
 ];
 
-export const intervalFieldValidation: ValidationFunc<
-  // eslint-disable-next-line @typescript-eslint/no-explicit-any
-  any,
-  string,
-  number
-> = fieldValidators.numberGreaterThanField({
-  than: 0,
-  message: i18n.translate('xpack.osquery.pack.queryFlyoutForm.invalidIntervalField', {
-    defaultMessage: 'A positive interval value is required',
-  }),
-});
+export const intervalFieldValidations: Array<
+  ValidationConfig<
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    any,
+    string,
+    number
+  >
+> = [
+  {
+    validator: fieldValidators.numberGreaterThanField({
+      than: 0,
+      message: i18n.translate('xpack.osquery.pack.queryFlyoutForm.intervalFieldMinNumberError', {
+        defaultMessage: 'A positive interval value is required',
+      }),
+    }),
+  },
+  {
+    validator: fieldValidators.numberSmallerThanField({
+      than: 604800,
+      message: ({ than }) =>
+        i18n.translate('xpack.osquery.pack.queryFlyoutForm.intervalFieldMaxNumberError', {
+          defaultMessage: 'An interval value must be lower than {than}',
+          values: { than },
+        }),
+    }),
+  },
+];
@@ -12,6 +12,7 @@ export type {
   FormData,
   FormHook,
   FormSchema,
+  ValidationConfig,
   ValidationError,
   ValidationFunc,
   ValidationFuncArg,

@@ -19,14 +19,16 @@ const getInstallation = async (osqueryContext: OsqueryAppContext) =>
 
 export const getInstalledSavedQueriesMap = async (osqueryContext: OsqueryAppContext) => {
   const installation = await getInstallation(osqueryContext);
+
   if (installation) {
-    return reduce(
+    return reduce<KibanaAssetReference, Record<string, KibanaAssetReference>>(
       installation.installed_kibana,
-      // @ts-expect-error not sure why it shouts, but still it's properly typed
-      (acc: Record<string, KibanaAssetReference>, item: KibanaAssetReference) => {
+      (acc, item) => {
         if (item.type === savedQuerySavedObjectType) {
           return { ...acc, [item.id]: item };
         }
+
+        return acc;
       },
       {}
     );

diff --git a/...ecurity_solution/public/timelines/components/side_panel/__snapshots__/index.test.tsx.snap b/...ecurity_solution/public/timelines/components/side_panel/__snapshots__/index.test.tsx.snap
diff --git a/x-pack/plugins/translations/translations/fr-FR.json b/x-pack/plugins/translations/translations/fr-FR.json
@@ -21926,7 +21926,7 @@
     "xpack.osquery.pack.queryFlyoutForm.idFieldLabel": "ID",
     "xpack.osquery.pack.queryFlyoutForm.intervalFieldLabel": "Intervalle (s)",
     "xpack.osquery.pack.queryFlyoutForm.invalidIdError": "Les caractères doivent être alphanumériques, _ ou -",
-    "xpack.osquery.pack.queryFlyoutForm.invalidIntervalField": "Une valeur d'intervalle positive est requise",
+    "xpack.osquery.pack.queryFlyoutForm.intervalFieldMinNumberError": "Une valeur d'intervalle positive est requise",
     "xpack.osquery.pack.queryFlyoutForm.mappingEcsFieldLabel": "Champ ECS",
     "xpack.osquery.pack.queryFlyoutForm.mappingValueFieldLabel": "Valeur",
     "xpack.osquery.pack.queryFlyoutForm.osqueryResultFieldRequiredErrorMessage": "Valeur obligatoire.",