Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Security Solution][Investigations] - Integrate details flyout with session view #3

Conversation

michaelolo24
Copy link
Collaborator

Summary

Based on this PR: elastic#127991

This PR introduces the ability to be able to open the alert details flyout from the session view component. It also provides users the ability to change the status of the alert from the flyout and see that change reflected within the session viewer. There is a bug with the session viewer currently where changing the status of the same alert back to back doesn't cause the expected change in the session viewer alert status the second time, but that will be fixed in a separate PR.

Screen.Recording.2022-03-23.at.9.21.29.AM.mov

Checklist

Delete any items that are not applicable to this PR.

@kqualters-elastic
Copy link
Owner

lgtm + will be reviewed as the whole thing, merging 👍

@michaelolo24
Copy link
Collaborator Author

Accidentally pushed main in my branch, will create a new one

@michaelolo24
Copy link
Collaborator Author

or undo that commit rather

@michaelolo24 michaelolo24 force-pushed the integrate-session-view-with-details-flyout branch from 6856408 to c811902 Compare March 24, 2022 20:37
@kqualters-elastic
Copy link
Owner

image

@kqualters-elastic kqualters-elastic merged commit 9b18ccd into kqualters-elastic:session-view-updated Mar 25, 2022
kqualters-elastic pushed a commit that referenced this pull request Nov 15, 2022
* Updated EUI to version 67.1.2. Updated instaces of ButtonColor from EUI to EuiButtonColor.

* Updated to EuiCard instances that utilize the betaBadgeProps object to return an empty string instead of undefined when the label is unavailable

* Removed two instances of the deprecated internetExplorerOnly() mixin

* Updated two instances of the ButtonColor import to EuiButtonColor as is was renamed in PR elastic#6150

* Updated snapshots in Jest Test Suite #1 to account for EuiButton and EuiCard Emotion conversions. Updated snapshots for EuiTooltip as it now contains the new EuiToolTipAnchor component that replaced the tooltip anchor styles

* Updated snapshots in Jest Test Suite #2 to account forEuiButton, EuiDescriptionList, EuiButtonIcon, and EuiBadge Emotion conversions.

* Updated snapshots in Jest Test Suite #3 to account for EuiDescriptionList, EuiButton, and EuiBadge Emotion conversions. Updated snapshots for EuiTooltip as if now contains the new EuiTooltipAnchor component that replaced the tooltop anchor styles

* Updated snapshots in Jest Test Suite #4 to account for EuiButton Emotion conversion.

* Updated snapshots in Jest Test Suite #5 to account for EuiButton Emotion conversion.

* Updated snapshots in Jest Test Suite elastic#8 to account for EuiButtonIcon and EuiButton Emotion conversions. Updated snapshots for EuiTooltip as it now contains the new EuiTooltipAnchor component that replaced the tooltip anchor styles.

* Updated snapshots in Jest Test Suite elastic#9 to account for EuiFlyout and EuiButton Emotion conversions.

* Updated snapshots in Jest Test Suite elastic#10 to account for EuiButton, EuiBadge, EuiButtonIcon, and EuiCard Emotion conversions. Updated snapshots for EuiToolTtip as it now contains the new EuiTooltipAnchor component that replaced the tooltip anchor styles

* Updated instances of EuiButtonIconColor to use EuiButtonIconProps['color'] as it was removed in PR elastic#6150

* Updated tests that target EuiButton to simulate click events to target a generic button to prevent undefined click event errors

* Updated snapshots in Jest Test Suite #1 to account for EuiButton and EuiCard Emotion conversions

* Added the EuiFlyout mixins and variables to Lens Sass file as EuiFlyout has been converted to Emotion and the Sass styles are no longer available in EUI

* Added the EuiCallOutTypes variable to Step Progress Sass file as EuiCallOut has been converted to Emotion and the Sass styles are no longer available in EUI

* Updated snapshots in Jest Test Suite #2 to account for recent Emotion conversions.
Updated snapshots in server_status.test.tsx to render EuiBadge before checking the snapshots to reduce the snapshot churn caused by Emotion.
Updated tests that target EuiButton to simulate click events to target a generic button to prevent undefined click event errors

* [CI] Auto-commit changed files from 'node scripts/precommit_hook.js --ref HEAD~1..HEAD --fix'

* Added imports for the added flyout mixin. Removed references to EuiCallOut mixin as the component has been converted to Emotion and is no longer available for use.

* Updated unit tests and snapshots in Jest Test Suite elastic#10.
Updated snaphshots to account for EuiBadge, EuiDescriptionList, EuiFlyout, and EuiCard Emotion conversions. Updated snapshots for EuiTooltip as it now contains the new EuiTooltipAnchor component that replaced the tooltip anchor styles.
Updated tests that target EuiButton to simulate click events to target a generic button element to prevent undefined click event errors

* Updated unit tests in Jest Test Suite elastic#11 that target EuiButton to simulate click events to target a generic button to prevent undefined click event errors

* Updated unit tests in Jest Test Suite elastic#12 by updating tests that target EuiButton to simulate click events. Instead, these tests now target a generic button element to prevent undefined click event errors

* Updated unit tests in Jest Test Suite #1 by updating tests that target EuiButton to simulate click events. Instead, these tests now target a generic button element to prevent undefined click event errors

* Updated unit tests in Jest Test Suite #2 by updating tests that use EuiButton to simulate click events. Instead, these test have been updated to target a button element to prevent undefined click event errors.

* [CI] Auto-commit changed files from 'node scripts/eslint --no-cache --fix'

* Updated reference to mixins Sass file.
Updated snapshots for Jest Test Suite #5 to account for EuiButton Emotion conversion. Updated unit tests that target EuiButton to simulate click events. These tests have been updated to target a button element to prevent undefined click event errors

* Updated unit tests in Jest Test Suites 3, 7, 8, 13, and 14.
Updated snapshot to account for EuiButton Emotion conversion.
Updated tests that target EuiButton to simulate click events. These tests now target a generic button element to prevent undefined click event errors.
Updated a few snapshots by adding .render() before checking the snapshot. This will prevent large snapshots coming from recent Emotion conversions

* Updated snapshots in Jest Test Suite elastic#10 to account for the recent EuiButton Emotion conversion

* Updated unit tests in Jest Test Suite #2 by editing tests that target EuiButton to simulate click events. These tests now target a button element in order to prevent undefinde click event errors

* Updated snapshots in Jest Test Suite elastic#10 to account for EuiButton and EuiDescriptionList Emotion conversions

* Updated test cases in Jest Test Suites 3, 7, and 8. Updated snapshots to account for EuiButton and EuiPagination Emotion conversions.
Updated tests that target EuiButton to simulate click events. These tests now target a button element to prevent undefined click errors

* Updated test cases in Jest Test Suite 14. Updated snapshots to account for EuiButton Emotion conversion. Opted to use .render() when updating a few snapshots to reduce the large length of snapshots caused by Emotion

* [CI] Auto-commit changed files from 'node scripts/eslint --no-cache --fix'

* Revised a change to betaBadgeProps to ensure that the label is available. If not, the value for the badge with be set to undefined.

* Resolved two linting errors

* Resolved two linting errors

* Updated Jest unit tests in various suites.
Updated snapshots to account for EuiButton Emotion conversion. Updated snapshots for EuiTooltip as it now contains the new EuiTooltipAnchor component that replaced the tooltip anchor styles.

* Updated EuiFlyout in query_flyout.tsx to remove the onClick function from maskProps as it is no longer available. Updated this flyout to use ownFocus and not to close when the overlay mask is clicked.

* Removed the use of EuiButtonIconColor in favor of EuiButtonIconProps['color']

* [CI] Auto-commit changed files from 'node scripts/eslint --no-cache --fix'

* Updated Cypress test looking for strict equality on EuiPaginationButton class names to match a substring of the Emotion generated class name

* Removed unneeded debugging code. Updated snapshots for various test suites to account for the recent EuiButton Emotion conversion

* Updated a few EuiButton, EuiButtonEmpty, and EuiText components that set the color as ghost. The ghost color mode has been deprecated as of PR elastic#6150. These components now are wrapped in EuiThemeProvider with a dark colorMode to create the previous ghost color.

* Resolved  TS error with EuiCard betaBadgeProps

* [CI] Auto-commit changed files from 'node scripts/eslint --no-cache --fix'

* Remove references to now-removed EuiFlyout CSS classes/vars

* Remove now-removed euiBadge className references

- Convert directly to EuiBadge instead of using CSS

- Remove confusing and now-possibly-irrelevant CSS badge overrides - left/right icons are now set via JSX and not via flex-direction

* Pre-emptively fix various euiOverlayMask CSS overrides

- this data attr isn't technically in yet but will be once elastic/eui#6289 merges

- at the very least this isn't breaking any more than it currently already is!

* Update to v67.1.3

* v67.1.4

* Resolved test failing test case in Security/Manage/Blocklist. The test did not remove focus from the last combo box in the form, which didn't allow the disbaled attribute to be removed from the flyout submit button. I've updated the mock file for Blocklist to return focus to the first form element in the flyout to allow the disabled attribute to be removed.

* Updated snapshots to account for the recent EuiText Emotion conversion

* Fix Log's custom tooltips relying on EuiTooltip classNames that no longer exist

* Fix Vega vis custom tooltips relying on EuiTooltip classNames that no longer exist

- this one is trickier than Log's as it's not using React, so we need to use Emotion's Global to set a static className

* Convert remaining vega_vis.scss to Emotion

- as an example of how other global + non global styles could be handled in the future

* Fix references to removed `euiPaginationButton-isActive` className

- use aria-current attribute instead

* Added missing EuiFlyoutAnimation keyframes for EuiFlyout. This resolved test that failed because they used onAnimationEnd because the FlyoutAnimation could not be found.

* Reolved Jest Tests in suites 1 and 5. Updated snapshots to account for the recent EuiButton Emotion conversion. Updated snapshots for EuiToolTip as it now contains the new EuiToolTipAnchor component that replaced the tooltip anchor styles.

* iterate on rules_list.test.tsx

* bump eui to v67.1.5

* Updatde snapshots for jest test suites to account for the recent EuiButton, EuiOverlayMask, EuiTooltip, and EuiBadge Emotion conversions

* Resolved failing security test by updating the target element for CONNECTOR_TITLE. EuiCard has recently been converted to Emotion and the card title is no longer wrapper in a span.

* Resolved failing test case in Runtime Fields. The modify runtime field test was failing because the combobox responsbible for adding and updating scripts was not appearing. The textbox did not appear because the shared setFieldScript function targets and toggles the script textbox when opening the flyout. When a runtime field is being modified, the toggle is already active and using the shared function will trigger the toggle again (losing access to the script textbox).
Also resolved an issue that prevented the warning EuiCallout to appear when changing the type of a runtime field from its original type. Resolved this by adding an enter keypress at the end of setFieldType function to confirm the type selection, thus triggering the EuiCallout

* Resolved two tests that were failing in Lens. These test were failing because they were checking for equality in class names that no longer exist within EuiButtonGroup as it was recently converted to Emotion. These tests were updated to check for a substring of the new and longer class name

* Quick fix in test case failing because of misspelling in data-test-sub

* Updated snapshot for Jest test case as EuiButton as recently been converted to Emotion

* Removed console.log statement. Oops!

* Resolved a failing test case in Lens. They were failing because they were checking for equality in class names that no longer exist within EuiButtonGroup as it was recently converted to Emotion. These tests were updated to check for a substring of the new and longer class name.
Updated a Security test case by giving a target button the data-test-subj attribute for easier querying

* Removed reference to EuiFlyout mixin as it has been converted to Emotion. Updated the reference to an interal copy of EuiFlyout styles

* Corrected spelling error in EuiFlyout animation in Lens app

* Update EUI with latest backport

* Update button snapshots

* fix another button snapshot

* More snapshot fixes

* [EuiButton][Security] Fix button relying on now-removed `euiButton__text` CSS

- replace removed CSS with `eui-textTruncate` util instead

- combine/DRY out unnecessary span - was affecting min-width of truncation util

+ increase screenshot diff limit - this was smaller than updating the actual baseline screenshots for whatever reason (likely render diff between local and CI)

* Fix remaining Jest tests affected by Emotion conversions

- because Emotion creates its own wrapper, `.first()` can no longer be used - prefer `.last()` instead

* Fix Jest test affected by EuiButton Emotion conversion + removed modifier class

- targeting the native DOM node + filtering by disabled true/false gets us back to the 'correct' lengths

* Fix + improve flyout test

- `.last()` changes to account for EuiButton Emotion conversion is needed, but the last onClose assertion still fails due to us having modified inputs, and the confirm modal being displayed

- split test into two separate tests - one testing the onClose call, and the other testing the confirm modal

* derpin

* Skip rules_list Jest suite

* Update new EuiButton snapshot

* Upgraded EUI version to 67.1.7

* [EuiCard] Update snapshots

* [EuiPopover] Update snapshots

* [QA] Fix missing Vega warn/error message colors

;_;

* [CI] Auto-commit changed files from 'node scripts/generate codeowners'

* Fix Lens kbnToolbarButton regressions

- Caused by flattening of EUI button CSS specificity

- background-color was previously relying on isDisabled CSS specificity to override its #fff color

- `text` color modifier & `!important` is no longer needed and overrides Emotion CSS flatly

- isDisabled class is no longer needed - euiButton no longer sets `pointer-events: none` on disabled buttons (fixes tooltip bug in webkit as well)

* Backport EUI 67.1.8 fixes

* Update EuiCard snapshots

* Fix EuiModal form wrapper causing overflow issues

- see https://elastic.github.io/eui/#/layout/modal#forms-in-a-modal

* Workaround for `.kbnOverlayMountWrapper` mount point causing overflow issues

- not sure what all is using this modal service to be honest, but the wrapper is causing issues with the modal layout, this fixes overflow issues but will not fix any mask-image issues as a result

* more snapshot updates

* EuiButton - added textProps to EuiButton to prevent very long button names from spilling over outside of the container

* EuiButton - Update EuiButton related snapshots. Updated tests that target EuiButton directly to use a data-telementary-id for more specific element querying required by Emotion

* QA - Removed unnecessary comment in code

* Temporary fix for EuiCard[selectable][layout=horizontal] instances on security solutions' rule page

* Temporary fix for EuiCard[selectable][layout=horizontal] instances on osquery live query and canvas's datasource selector

* [CI] Auto-commit changed files from 'node scripts/precommit_hook.js --ref HEAD~1..HEAD --fix'

* Fix CSS specificity, where canvas's solutionToolbarButton's background-color now takes precedence over EuiButton's primary styles

* Removed update to search_marker_tooltip that removed the euiTooltip styles and replaced then with Emotion styling. Added EuiTooltip Sass styles for the component to rely on to test for a styling bug that is causing the tooltip and the tooltip arrow to be out of sync with each other.

* Lint Sass file

* Lint Sass file

* Removed overflow:hidden style from .vgaVis_view as it was causing euiScrollStyles not to present the scroll bars in Vega Vis

* Remove typo from EuiButton textProps object. 'className' should not have been included in the actual class name

* Revert tooltip Sass

This reverts commit 20e6ead, a5cd2de, and c605cbd

* Fix Emotion tooltip arrows

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Constance Chen <constance.chen@elastic.co>
Co-authored-by: Chandler Prall <chandler.prall@elastic.co>
kqualters-elastic pushed a commit that referenced this pull request Dec 20, 2022
## Summary

Related to elastic#144161

Found that on a bulk update tags task failure, the task didn't stop
after 3 retries (should be over in less then a minute), the retries kept
happening for 2 hours.
This change removes the retry task if 3 retries are reached.

Also testing in cloud deployment to see if the tags error can be
reproduced with this fix.
I could reproduce the reported error locally, and seeing it goes away
with this fix.

To verify:
- Add at least 50k agents with the `create_agents` script in kibana repo
- open Kibana, select the 50k agents, and open Actions / Add tags
- Try this in a few seconds: add 2 new tags, and remove one of them
- Wait about 30s, the agents should reflect the changes
- Check the logs to see that the tasks are removed after 3rd retry is
reached or successful.
- Check that there are no more running tasks. Any running task can be
found in Kibana Console by running this query: `GET
.kibana_task_manager/_search?q=task.taskType:"fleet:update_agent_tags:retry"`

Locally simulated an error to test that the retry (and check) task is
removed:

```
[2022-12-07T15:52:16.415+01:00][ERROR][plugins.fleet] Retry #3 of task fleet:update_agent_tags:retry:848984ab-c11d-4ebe-8d1f-606143dd656b failed: failing task
[2022-12-07T15:52:16.416+01:00][WARN ][plugins.fleet] Stopping after 3rd retry. Error: failing task
[2022-12-07T15:52:16.416+01:00][INFO ][plugins.fleet] Removing task fleet:update_agent_tags:retry:check:848984ab-c11d-4ebe-8d1f-606143dd656b
[2022-12-07T15:52:16.416+01:00][INFO ][plugins.fleet] Removing task fleet:update_agent_tags:retry:848984ab-c11d-4ebe-8d1f-606143dd656b
```
kqualters-elastic pushed a commit that referenced this pull request Aug 27, 2024
## Summary

Resolves elastic#143905. This PR adds support for integration-level outputs.
This means that different integrations within the same agent policy can
now be configured to send data to different locations. This feature is
gated behind `enterprise` level subscription.

For each input, the agent policy will configure sending data to the
following outputs in decreasing order of priority:
1. Output set specifically on the integration policy
2. Output set specifically on the integration's parent agent policy
(including the case where an integration policy belongs to multiple
agent policies)
3. Global default data output set via Fleet Settings

Integration-level outputs will respect the same rules as agent
policy-level outputs:
- Certain integrations are disallowed from using certain output types,
attempting to add them to each other via creation, updating, or
"defaulting", will fail
- `fleet-server`, `synthetics`, and `apm` can only use same-cluster
Elasticsearch output
- When an output is deleted, any integrations that were specifically
using it will "clear" their output configuration and revert back to
either `#2` or `#3` in the above list
- When an output is edited, all agent policies across all spaces that
use it will be bumped to a new revision, this includes:
- Agent policies that have that output specifically set in their
settings (existing behavior)
- Agent policies that contain integrations which specifically has that
output set (new behavior)
- When a proxy is edited, the same new revision bump above will apply
for any outputs using that proxy

The final agent policy YAML that is generated will have:
- `outputs` block that includes:
- Data and monitoring outputs set at the agent policy level (existing
behavior)
- Any additional outputs set at the integration level, if they differ
from the above
- `outputs_permissions` block that includes permissions for each
Elasticsearch output depending on which integrations and/or agent
monitoring are assigned to it

Integration policies table now includes `Output` column. If the output
is defaulting to agent policy-level output, or global setting output, a
tooltip is shown:

<img width="1392" alt="image"
src="https://github.com/user-attachments/assets/5534716b-49b5-402a-aa4a-4ba6533e0ca8">

Configuring an integration-level output is done under Advanced options
in the policy editor. Setting to the blank value will "clear" the output
configuration. The list of available outputs is filtered by what outputs
are available for that integration (see above):

<img width="799" alt="image"
src="https://github.com/user-attachments/assets/617af6f4-e8f8-40b1-b476-848f8ac96e76">

An example of failure: ES output cannot be changed to Kafka while there
is an integration
<img width="1289" alt="image"
src="https://github.com/user-attachments/assets/11847eb5-fd5d-4271-8464-983d7ab39218">


## TODO
- [x] Adjust side effects of editing/deleting output when policies use
it across different spaces
- [x] Add API integration tests
- [x] Update OpenAPI spec
- [x] Create doc issue

### Checklist

Delete any items that are not applicable to this PR.

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants