[Security Solution] Fix rules filtering after enabling/disabling a rule #151284
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
maximpn
added
bug
maximpn
force-pushed
the
fix-rules-filtering-after-enabling-or-disabling
branch
from
c214b7f to
f8247be
Compare
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
|
@elasticmachine merge upstream |
xcrzx
reviewed
Feb 20, 2023
Comment on lines
+57
to
+59
| // Mark this query as immediately stale helps to avoid problems related to filtering. | ||
| // e.g. enabled and disabled state filter require data update which happens at the backend side | ||
| staleTime: 0, |
There was a problem hiding this comment.
Thanks for the fix, @maximpn. And appreciate the comment here.
Could you please also add staleTime: 0 to the useFetchRuleByIdQuery hook? So we'll be sure no stale data is displayed on the rule detail page.
maximpn
force-pushed
the
fix-rules-filtering-after-enabling-or-disabling
branch
from
eb31e9d to
895564e
Compare
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]Async chunks
History
To update your PR or re-run it, just comment with: cc @maximpn |
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
maximpn
added a commit
to maximpn/kibana
that referenced
this pull request
Feb 22, 2023
…le (elastic#151284) **Addresses:** elastic#151151 ## Summary It fixes rules filtering after enabling or disabling a rule. ### Details The problem is caused by improper cache invalidation. Rules cache used to be modified upon enabling or disabling one or more rules but it started causing troubles after introduction a filter by enabled or disabled state. Cached rules modification is is complex and bug prone especially taking into account it will need to mirror backend logic and further plans on extending rule filers. So the simplest solution is invalidation of the whole rules cache. Though it may also lead to unfriendly UX when disabled or enabled rules "jump" in the table. The best approach is marking find rule request cached data as stale so data is refetched each time use changes filter state, sort by field or use pagination. **Before:** https://user-images.githubusercontent.com/1938181/218776621-f8903a88-1685-4a2c-9074-02fac0623dc4.mov **After:** https://user-images.githubusercontent.com/3775283/219630525-af109575-3a01-4988-bb6b-690473d33b80.mov ### Checklist - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios (cherry picked from commit 9683beb)
banderror
added
impact:high
maximpn
added a commit
that referenced
this pull request
Feb 24, 2023
…g a rule (#151284) (#151861) # Backport This will backport the following commits from `main` to `8.7`: - [[Security Solution] Fix rules filtering after enabling/disabling a rule (#151284)](#151284) <!--- Backport version: 8.9.7 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Maxim Palenov","email":"maxim.palenov@elastic.co"},"sourceCommit":{"committedDate":"2023-02-21T09:43:25Z","message":"[Security Solution] Fix rules filtering after enabling/disabling a rule (#151284)\n\n**Addresses:** https://github.com/elastic/kibana/issues/151151\r\n\r\n## Summary\r\n\r\nIt fixes rules filtering after enabling or disabling a rule.\r\n\r\n### Details\r\n\r\nThe problem is caused by improper cache invalidation. Rules cache used to be modified upon enabling or disabling one or more rules but it started causing troubles after introduction a filter by enabled or disabled state. Cached rules modification is is complex and bug prone especially taking into account it will need to mirror backend logic and further plans on extending rule filers. So the simplest solution is invalidation of the whole rules cache. Though it may also lead to unfriendly UX when disabled or enabled rules \"jump\" in the table. The best approach is marking find rule request cached data as stale so data is refetched each time use changes filter state, sort by field or use pagination.\r\n\r\n**Before:**\r\n\r\nhttps://user-images.githubusercontent.com/1938181/218776621-f8903a88-1685-4a2c-9074-02fac0623dc4.mov\r\n\r\n**After:**\r\n\r\nhttps://user-images.githubusercontent.com/3775283/219630525-af109575-3a01-4988-bb6b-690473d33b80.mov\r\n\r\n\r\n### Checklist\r\n\r\n- [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios","sha":"9683beba6af5f78fa88350aa5bcab95d767cd763","branchLabelMapping":{"^v8.8.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:skip","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rules","v8.7.0","v8.8.0"],"number":151284,"url":"https://github.com/elastic/kibana/pull/151284","mergeCommit":{"message":"[Security Solution] Fix rules filtering after enabling/disabling a rule (#151284)\n\n**Addresses:** https://github.com/elastic/kibana/issues/151151\r\n\r\n## Summary\r\n\r\nIt fixes rules filtering after enabling or disabling a rule.\r\n\r\n### Details\r\n\r\nThe problem is caused by improper cache invalidation. Rules cache used to be modified upon enabling or disabling one or more rules but it started causing troubles after introduction a filter by enabled or disabled state. Cached rules modification is is complex and bug prone especially taking into account it will need to mirror backend logic and further plans on extending rule filers. So the simplest solution is invalidation of the whole rules cache. Though it may also lead to unfriendly UX when disabled or enabled rules \"jump\" in the table. The best approach is marking find rule request cached data as stale so data is refetched each time use changes filter state, sort by field or use pagination.\r\n\r\n**Before:**\r\n\r\nhttps://user-images.githubusercontent.com/1938181/218776621-f8903a88-1685-4a2c-9074-02fac0623dc4.mov\r\n\r\n**After:**\r\n\r\nhttps://user-images.githubusercontent.com/3775283/219630525-af109575-3a01-4988-bb6b-690473d33b80.mov\r\n\r\n\r\n### Checklist\r\n\r\n- [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios","sha":"9683beba6af5f78fa88350aa5bcab95d767cd763"}},"sourceBranch":"main","suggestedTargetBranches":["8.7"],"targetPullRequestStates":[{"branch":"8.7","label":"v8.7.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.8.0","labelRegex":"^v8.8.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/151284","number":151284,"mergeCommit":{"message":"[Security Solution] Fix rules filtering after enabling/disabling a rule (#151284)\n\n**Addresses:** https://github.com/elastic/kibana/issues/151151\r\n\r\n## Summary\r\n\r\nIt fixes rules filtering after enabling or disabling a rule.\r\n\r\n### Details\r\n\r\nThe problem is caused by improper cache invalidation. Rules cache used to be modified upon enabling or disabling one or more rules but it started causing troubles after introduction a filter by enabled or disabled state. Cached rules modification is is complex and bug prone especially taking into account it will need to mirror backend logic and further plans on extending rule filers. So the simplest solution is invalidation of the whole rules cache. Though it may also lead to unfriendly UX when disabled or enabled rules \"jump\" in the table. The best approach is marking find rule request cached data as stale so data is refetched each time use changes filter state, sort by field or use pagination.\r\n\r\n**Before:**\r\n\r\nhttps://user-images.githubusercontent.com/1938181/218776621-f8903a88-1685-4a2c-9074-02fac0623dc4.mov\r\n\r\n**After:**\r\n\r\nhttps://user-images.githubusercontent.com/3775283/219630525-af109575-3a01-4988-bb6b-690473d33b80.mov\r\n\r\n\r\n### Checklist\r\n\r\n- [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios","sha":"9683beba6af5f78fa88350aa5bcab95d767cd763"}}]}] BACKPORT--> Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Addresses: #151151
Summary
It fixes rules filtering after enabling or disabling a rule.
Details
The problem is caused by improper cache invalidation. Rules cache used to be modified upon enabling or disabling one or more rules but it started causing troubles after introduction a filter by enabled or disabled state. Cached rules modification is is complex and bug prone especially taking into account it will need to mirror backend logic and further plans on extending rule filers. So the simplest solution is invalidation of the whole rules cache. Though it may also lead to unfriendly UX when disabled or enabled rules "jump" in the table. The best approach is marking find rule request cached data as stale so data is refetched each time use changes filter state, sort by field or use pagination.
Before:
Screen.Recording.2023-02-14.at.16.04.27.mov
After:
Screen.Recording.2023-02-17.at.11.59.43.mov
Checklist