[Osquery] Fix osquery response actions validations #144994

Merged

Contributor

@tomsonpl tomsonpl commented Nov 10, 2022

  • Unified the logic of showing Response Actions errors in Actions step ✅
  • The custom validation of response actions is now connected to the wrapper (actions rule step form). Since we do not know yet what the feedback for this feature is, I decided to go with a quick rather than generic approach, so there is no "config" for each response action. ✅
  • Fix wrong data update triggered by "validation" ✅
  • Open ecsMapping field if ecs isn't empty ✅
  • fix Osquery response action rerender issue ✅
  • fix backgroundColor issue ✅

Screenshot 2022-11-10 at 16 34 43

Screenshot 2022-11-10 at 16 37 43

@tomsonpl
Contributor Author

@elasticmachine merge upstream

@tomsonpl
Contributor Author

@elasticmachine merge upstream

@tomsonpl tomsonpl self-assigned this Nov 17, 2022
@tomsonpl tomsonpl added bug Fixes for quality problems that affect the customer experience backport:skip This commit does not require backporting Team:Asset Management Security Asset Management Team Feature:Osquery Security Solution Osquery feature labels Nov 17, 2022
@tomsonpl
Contributor Author

@elasticmachine merge upstream

@tomsonpl
Contributor Author

@elasticmachine merge upstream

@tomsonpl tomsonpl marked this pull request as ready for review November 22, 2022 09:14
@tomsonpl tomsonpl requested review from a team as code owners November 22, 2022 09:14
@patrykkopycinski patrykkopycinski marked this pull request as draft November 23, 2022 17:10
@patrykkopycinski patrykkopycinski removed the request for review from a team November 23, 2022 22:11
@tomsonpl
Contributor Author

@elasticmachine merge upstream

Contributor

@maximpn maximpn left a comment

@tomsonpl Rules Area LGTM

I left comments outside our area's responsibility so it may help to reason about improving the readability.

cy.getBySel('response-actions-list-item-0').within(() => {
cy.contains('Query is a required field');
inputQuery('select * from uptime1');
cy.wait(1000); // wait for the validation to trigger - cypress is way faster than users ;)
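Review bot: The fixed `cy.wait(1000)` after `inputQuery('select * from uptime1')` ties the test to elapsed time rather than to the validation result, so it can still flake on a slow run and always costs a second on a fast one. Wait on the observable outcome instead: if the error is expected to clear once a query is entered, assert inside the same `within` block that it is gone, for example `cy.contains('Query is a required field').should('not.exist')`, which Cypress retries until it passes or times out.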
Contributor

It's unclear what cy.wait(1000); gives here. Why should it wait, and why 1000ms? Cypress will anyway be able to click on the osquery button.

cy.wait(1000); // wait for the validation to trigger - cypress is way faster than users ;)
});

cy.getBySel('.osquery-ResponseActionTypeSelectOption').click();
Contributor

I'd rather move the selector to a shared file and use cy.get(OSQUERY_BTN) here.

It looks like a class name, .osquery-ResponseActionTypeSelectOption, though it's a data-test attribute. So it looks safe to remove the leading period.

Contributor Author

👍 good idea, thank you!


cy.getBySel('.osquery-ResponseActionTypeSelectOption').click();

cy.getBySel('response-actions-list-item-1').within(() => {
Contributor

I'd rather move the selector to a shared file and use cy.get(RESPONSE_ACTIONS_ITEM1) here or something like that.

Contributor Author

👍

cy.contains('select * from uptime');
cy.contains('Log message optimized for viewing in a log viewer');
cy.contains('Days of uptime');
});
});
Contributor

The test is bulky and it's hard to read it due to that. The name doesn't fully reflect what's going on inside.

One of the options to improve it is to extract the repeating content into separate helper functions with clear names.
Another approach is to split it into smaller tests but it's controversial since e2e tests aren't so light as unit tests and can have enough number of assertions.

@@ -68,6 +68,14 @@ const LiveQueryQueryFieldComponent: React.FC<LiveQueryQueryFieldProps> = ({
defaultValue: '',
});

useEffect(() => {
if (!isEmpty(ecsMapping)) {
Contributor

Avoid nested ifs since it reduces readability, it can be transformed into if (!isEmpty(ecsMapping) && advancedContentState === 'closed') {

Contributor Author

👍

};
}
}, [errors, handleSubmit, isValid, item.id, onSubmit, ref, watchedValues]);
lastErrors.current = formState.errors;
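Review bot: `lastErrors.current = formState.errors;` follows the closing `}, [errors, handleSubmit, isValid, item.id, onSubmit, ref, watchedValues]);` at the same level as the hook call, so the ref is written on every render, and none of the visible lines read `lastErrors`. If a previous-errors value is needed for a comparison, update the ref inside the effect that performs the comparison; if nothing reads it, drop the line.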
Contributor

Why is it required to have the lastErrors here as a reference? I don't see where lastErrors is used.

Contributor Author

@tomsonpl tomsonpl Nov 28, 2022

edit: ouch, it's not that variable. Let me check more carefully :)

It is used above in line 756
if (!deepEqual(latestErrors.current, formState.errors.ecsMappingArray)) {

Contributor Author

removed 👍

const { setErrors, clearErrors, value, setValue } = field;
const { osquery } = useKibana().services;

const OsqueryForm = useMemo(
Contributor

Does it give any performance improvements?

}

export const ResponseActionTypeForm = React.memo((props: IProps) => {
const { item, onDeleteAction, formRef } = props;
const StyledEuiAccordion = styled(EuiAccordion)`
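Review bot: `const StyledEuiAccordion = styled(EuiAccordion)` is declared inside the `ResponseActionTypeForm` render function, right after the props destructuring, so a new component type is created on every render and React remounts the accordion and everything inside it, discarding child state such as entered form values and the open/closed status. Move the styled definition to module scope above `ResponseActionTypeForm`; the `React.memo` wrapper does not prevent this whenever the props change.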
Contributor

EUI exposes css prop for simple inline styling. It looks like a good fit here.

[key: string]: () => Promise<boolean>;
};
}
const FieldErrorsContainer = styled.div`
Contributor

As far as I know EUI uses emotion under the hood so it's better to avoid adding more styled-components dependencies if we decide to get rid of it. There is a css helper which can be used from emotion for inline modifications

import { css } from '@emotion/react';

const withoutBottomMargin = css`
  margin-bottom: 0;
`;

...

<p css={withoutBottomMargin}>

Contributor Author

👍 good hint, thank you!


useEffect(() => {
setUIFieldErrors(() => {
const fieldErrors = reduce<string[], Array<{ type: string; errors: string[] }>>(
Contributor

Overall reduce may look convenient but it makes the code bulky so it's harder to read. As a readability improvement it can be refactored to use for loops.

Contributor Author

I am not sure about it, also not a fan of using for loops, but will give it a shot and try to experiment with it. Thanks!

@tomsonpl
Contributor Author

@maximpn Big thanks for your comments, I'll go through all of them very carefully and make the improvements 👍 Thank you for the feedback and your time!

@patrykkopycinski patrykkopycinski marked this pull request as ready for review November 24, 2022 17:44
@tomsonpl
Contributor Author

@elasticmachine merge upstream

Contributor

@patrykkopycinski patrykkopycinski left a comment

LGTM

return {
code: 'ERR_FIELD_MISSING',
path,
message: '**ResponseActions:**\n Osquery Response Action is not available.\n ',
Contributor

i18n, title/header should be separate from the actual error

Contributor Author

This piece of code does not exist anymore 👍

Contributor

@michaelolo24 michaelolo24 left a comment

Investigations codeowners LGTM!

@kibana-ci
Collaborator

💚 Build Succeeded

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 3313 | 3314 | +1 |

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

| id | before | after | diff |
| --- | --- | --- | --- |
| osquery | 1019.4KB | 1019.4KB | +26.0B |
| securitySolution | 9.6MB | 9.6MB | +4.0KB |
| total | | | +4.1KB |

Public APIs missing exports

Total count of every type that is part of your API that should be exported but is not. This will cause broken links in the API documentation system. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats exports for more detailed information.

| id | before | after | diff |
| --- | --- | --- | --- |
| osquery | 4 | 5 | +1 |

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

| id | before | after | diff |
| --- | --- | --- | --- |
| osquery | 48.5KB | 48.3KB | -192.0B |

Unknown metric groups

ESLint disabled in files

| id | before | after | diff |
| --- | --- | --- | --- |
| osquery | 1 | 2 | +1 |

ESLint disabled line counts

| id | before | after | diff |
| --- | --- | --- | --- |
| enterpriseSearch | 19 | 21 | +2 |
| fleet | 59 | 65 | +6 |
| osquery | 109 | 115 | +6 |
| securitySolution | 443 | 448 | +5 |
| total | | | +19 |

Total ESLint disabled count

| id | before | after | diff |
| --- | --- | --- | --- |
| enterpriseSearch | 20 | 22 | +2 |
| fleet | 68 | 74 | +6 |
| osquery | 110 | 117 | +7 |
| securitySolution | 520 | 525 | +5 |
| total | | | +20 |

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @tomsonpl

@tomsonpl tomsonpl merged commit 1cb49bb into elastic:main Nov 28, 2022
kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Nov 28, 2022
@kibanamachine
Contributor

💚 All backports created successfully

Status Branch Result
8.6

Note: Successful backport PRs will be merged automatically after passing CI.

Questions ?

Please refer to the Backport tool documentation

kibanamachine added a commit that referenced this pull request Nov 28, 2022
…146391)

# Backport

This will backport the following commits from `main` to `8.6`:
- [[Osquery] Fix osquery response actions validations
(#144994)](#144994)

<!--- Backport version: 8.9.7 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)


Co-authored-by: Tomasz Ciecierski <tomasz.ciecierski@elastic.co>
Labels
bug Fixes for quality problems that affect the customer experience Feature:Osquery Security Solution Osquery feature release_note:skip Skip the PR/issue when compiling release notes Team:Asset Management Security Asset Management Team v8.6.0 v8.7.0
7 participants