-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Cloud Security] POC sharing Cloud Security APIs #179143
Comments
Pinging @elastic/kibana-cloud-security-posture (Team:Cloud Security) |
@JordanSh Can you elaborate more on the need for exposing our APIs? I was thinking if we could use the existing Security Data View to query this date, but not sure how the flyout works exactly and if that's feasible |
The idea was to use our latest findings APIs instead of manually querying the data view. Since the Alerts detail flyout suppose to display the latest findings table, filtered by the shown entity, my assumption was that we would have the exact same fetching for both the alerts findings table, and our findings table. Meaning we could reuse our own APIs which are already tested and integrate with our table component (which we would like to explore the option of sharing it as well). This will save us the trouble of maintaining and testing duplicate code. The main problem I anticipate is cyclic dependencies, though there are ways around it. I thought that making a POC and understanding the pros and cons for this approach is needed |
ticket refactor looks great @maxcold. R |
To answer this requirement I created a POC draft PR #187686 showcasing different approaches to share code between plugins. Options Option 1: Import directly from
|
The next step for me is to investigate what approach we could take in building data grids in the flyouts. Options to consider:
For transparency, worth noting that we chatted with @opauloh who worked on building For reference, here is the PR where in the description it contains the matrix of different features covered by the component. The Misconfigurations page prio to |
Thanks for sharing the proposal and suggesting the next steps Maybe worth to add few more options to discuss, like whether cloud_security_posture should be merged into the security_solution or be a separate plugin. Option 2 seems to be in its first steps, do you think it is fully ready for us to adopt? or we will be early adopters of it? |
I added two more options to the comment. I don't consider them viable, but I agree it worth mentioning them in case I'm missing smth or at least for the documentation purposes
I don't know the full history of it, but I think the documentation is just old and maybe out of date. The initial PR with the docs 249b164 is 2 years old, and there are a lot of packages that follow this approach, to we won't be early adopters. Don't know about the next steps in their plan though, maybe it's not currently a prio |
I played a bit with the Therefore for the AC
I would propose not to spend much time now and make a decision:
|
Thanks @maxcold for the detailed explanation. I agree that sharing the table component doesn’t make sense given the differences between the two tables. Initially, I was hoping to save development and future maintenance time by reusing the component, but it’s clear that if they are completely different, trying to share the component could end up achieving the opposite. Focusing on separate implementations seems like the more efficient approach. As for the options regarding our API sharing, I’m personally in favor of option #2. I do think that this is a significant decision. I suggest we bring it up in our next team huddle. We can present how it works, gather feedback, discuss any potential drawbacks, and make a collective decision. |
@JordanSh thanks for reviewing the outcomes! I added the topic of sharing the code between plugins to the agenda of our huddle |
To save us some time, we can start with option 3, and later refactor it into different packages to be able to re-use it, correct? |
Thanks for all of the detailed explorations and notes here @JordanSh and @maxcold! Regarding Option 1 above:
We're currently investigating migrating the security solution flyout into it's own package, and migrating the shared code from the flyout to it's own shared package as well. Depending on your requirements, it may be simpler for you to just implement the table directly in the security solution flyout package as a csp sub-directory. Now this work is currently only in the POC phase, and our timelines for the work may not align, but I did want to start the discussion regarding this planned work in case it may. @logeekal is handling the POC from our side. As an aside, after being a part of a number of table refactors and seeing a number of them happening here, I agree that the best solution for you will most likely be option 3, building a simpler table around the existing |
@kfirpeled @michaelolo24 |
Agree, let's start with your suggestion @maxcold. @michaelolo24 where we can track the migration progress to the referred package that will contain the flyout? Another question I have to you @maxcold , how do you suggest sharing code between packages? Is it by sharing the react hooks? or sharing services through kibana plugins mechanism? I'm not sure I fully understand all the implications and how it works under the hood. Or how each method affects the bundle size. |
@kfirpeled I was thinking about just sharing hooks and components from a package. I didn't look into sharing services through Kibana plugins mechanism. In the end, I was just looking at |
You can track the progress of migration of flyout components in a common package this PR and the work will continue as part of this epic issue. Currently, it is a Please do let me know if there are more questions. |
We agreed on creating |
Summary:
as a part of https://github.com/elastic/security-team/issues/9015 and https://github.com/elastic/security-team/issues/9137 we need to show components related to CSP in the context of
security_solution
plugin. Specifically, we have:host.name
anduser.name
host.name
anduser.name
Specific data that we are concerned for these epics:
status/
API. We also might need to cover 3rd party integrations and data stream/index statuses thereIn this issue
API
means any programmatic interface that can be shared: REST APIs over HTTP, services encapsulating data fetching, set of hooks or other components shared across plugins, etc.The strategic questions we want to answer in this ticket:
security_solution
andcloud_security_posture
plugins? The ideal state is that we reduce the number of places to update to a minimum. Situation to avoid: disconnected code path across multiple plugins doing things differentlysecurity_solution
andcloud_security_posture
plugins. See related PR where this challenge surfaced and explored for PLI componentMore specific questions to answer:
security_soltuion
andcloud_security_posture
pluginDefinition of Done:
The text was updated successfully, but these errors were encountered: