Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Security Solution] Disable deprecated rules bulk CRUD API endpoints in Serverless and 9.0 #197422

Conversation

banderror
Copy link
Contributor

@banderror banderror commented Oct 23, 2024

Partially addresses: #193184
Breaking change proposal: https://github.com/elastic/dev/issues/2772 (internal)

Summary

This PR disables the following deprecated bulk API endpoints for creating, updating and deleting detection rules from Elastic Security APIs in Serverless and upcoming v9.0.0:

Method Endpoint
POST /api/detection_engine/rules/_bulk_create
PUT /api/detection_engine/rules/_bulk_update
PATCH /api/detection_engine/rules/_bulk_update
DELETE /api/detection_engine/rules/_bulk_delete
POST /api/detection_engine/rules/_bulk_delete

Specifically, as a first step we remove the endpoints from the route registrations. Once https://github.com/elastic/dev/issues/2772 is approved, we will merge this PR and remove the corresponding endpoint handlers and associated code in a follow-up PR.

Checklist

For maintainers

@banderror banderror added release_note:breaking backport:skip This commit does not require backporting v9.0.0 Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Breaking Change Feature:Rule Management Security Solution Detection Rule Management area Team:Detection Rule Management Security Detection Rule Management Team labels Oct 23, 2024
@banderror banderror self-assigned this Oct 23, 2024
@banderror banderror force-pushed the disable-deprecated-rules-bulk-crud-api-endpoints branch 3 times, most recently from 2a35118 to c6e7615 Compare October 24, 2024 10:26
@banderror banderror marked this pull request as ready for review October 24, 2024 13:44
@banderror banderror requested a review from a team as a code owner October 24, 2024 13:44
@banderror banderror requested a review from dplumlee October 24, 2024 13:44
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@elasticmachine
Copy link
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)

@banderror banderror force-pushed the disable-deprecated-rules-bulk-crud-api-endpoints branch 2 times, most recently from 6979982 to 05b91bd Compare October 30, 2024 21:11
@banderror banderror force-pushed the disable-deprecated-rules-bulk-crud-api-endpoints branch from 05b91bd to 21f1e87 Compare November 1, 2024 16:47
Comment on lines +49 to +56
await Promise.all([
securitySolutionApi
.createRule({ body: getCustomQueryRuleParams({ rule_id: 'rule-id-1' }) })
.expect(200),
securitySolutionApi
.createRule({ body: getCustomQueryRuleParams({ rule_id: 'rule-id-2' }) })
.expect(200),
]);
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm thinking if these changes to rules export tests should go in a separate PR so that we could backport them to 8.x to decrease the chance of introducing conflicts with any other follow-up PRs related to rule import/export that will be merged to 8.x.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, I'll open a new PR against 8.x after merging this one 👍

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dplumlee Here we go, looking for a quick 👍 : #198953

Copy link
Contributor

@dplumlee dplumlee left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested all deleted routes locally and received a 404 error for everything, lgtm!

@elasticmachine
Copy link
Contributor

💚 Build Succeeded

Metrics [docs]

✅ unchanged

History

cc @banderror

@banderror banderror merged commit f3addae into elastic:main Nov 1, 2024
43 checks passed
@banderror banderror deleted the disable-deprecated-rules-bulk-crud-api-endpoints branch November 1, 2024 21:02
banderror added a commit that referenced this pull request Nov 6, 2024
…rt tests (#198953)

**Follow-up to:**
#197422 (comment)

## Summary

This PR manually "backports" some of the changes from
#197422 directly to the `8.x`
branch. Specifically, it removes API calls to the rules `_bulk_create`
API endpoint from the tests for exporting rules. This API endpoint has
been disabled in `main` (=> Serverless and Kibana 9.0) and should not be
used in code. This PR aims to reduce the chances of introducing
conflicts with any further changes to rule export tests.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport:skip This commit does not require backporting Breaking Change Feature:Rule Management Security Solution Detection Rule Management area release_note:breaking Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v9.0.0
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants