[Security Solution] Update CellActions field type to be FieldSpec #157243 #157834

Merged
merged 23 commits into from
Jun 22, 2023

@machadoum machadoum commented May 16, 2023

issue: #150347

Context

Some Actions need to access FieldSpec data, which is not present on the CellActions API (subType and isMapped). So we are updating the CellActions field property to be compatible with FieldSpec.

Summary

This PR is the first step to fix #150347.

  • Updates the CellActions to support an array of data objects, each containing field (FieldSpec) and value
  • Create a new SecurityCellActions component that accepts a field name and loads FieldSpec from the Dataview.

Examples

Before:

 <SecurityCellActions
   value={'admin'}
   field={{
     name: 'user.name',
     type: 'keyword',
     searchable: true,
     aggregatable: true,
     ...
   }} />

After:

 <SecurityCellActions data={{ field: 'user.name', value: 'admin' }}/>

SecurityCellActions will load the spec from the Dataview and provide it to CellActions.

CellActions now also supports an array of fields instead of only one field. It will be useful when rendering cell actions for aggregated data, like on the Entity Analytic page. But for now, the actions do not support multiple values; we need to rewrite them (#159480).

Next steps

We must refactor the Security Solution to get FieldSpec from the DataView instead of using BrowserFields. Ideally, we have to do that for every CellAction call so the actions can access the subType property.

Extra information

*** Previously we were mixing esTypes and kbnTypes. For example, if the esType is a keyword the kbnType has to be a string.
Here you can check all possible ES and KBN types and here you can see the mapping between esType and kbnType

Checklist
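
An added sketch (not part of this PR or of Kibana's code) of the flow the description outlines: the caller passes field names, a resolver swaps them for full specs, and an action can then read subType, here to hide a ShowTopN-style action for nested fields as the linked issue asks. The FieldSpec shape, sampleSpecs, resolveFieldSpecs and isShowTopNCompatible are simplified, hypothetical stand-ins.

```typescript
// Simplified stand-ins for Kibana's FieldSpec (assumed shapes, not the project's types).
interface FieldSpec {
  name: string;
  type: string; // kbnType, e.g. 'string'
  esTypes?: string[]; // e.g. ['keyword']
  searchable: boolean;
  aggregatable: boolean;
  isMapped?: boolean;
  subType?: { multi?: { parent: string }; nested?: { path: string } };
}
interface CellActionsData { field: string; value: unknown } // passed by the caller
interface ResolvedData { field: FieldSpec; value: unknown } // handed to the actions

// Constructed sample of the specs a DataView would hold, keyed by field name.
const sampleSpecs: Record<string, FieldSpec> = {
  'user.name': {
    name: 'user.name', type: 'string', esTypes: ['keyword'],
    searchable: true, aggregatable: true, isMapped: true,
  },
  'threat.enrichments.matched.atomic': {
    name: 'threat.enrichments.matched.atomic',
    type: 'string', esTypes: ['keyword'],
    searchable: true, aggregatable: true, isMapped: true,
    subType: { nested: { path: 'threat.enrichments' } },
  },
};

// Hypothetical resolver: swap each field name for its full spec and drop names
// the data view does not know. The own-property check keeps names such as
// 'constructor' from resolving to Object.prototype members.
function resolveFieldSpecs(data: CellActionsData[], specs: Record<string, FieldSpec>): ResolvedData[] {
  const resolved: ResolvedData[] = [];
  for (const item of data) {
    const spec = Object.prototype.hasOwnProperty.call(specs, item.field) ? specs[item.field] : undefined;
    if (spec) resolved.push({ field: spec, value: item.value });
  }
  return resolved;
}

// Hypothetical compatibility check for a ShowTopN-style action: exactly one
// field (actions do not handle multiple values yet), aggregatable, not nested.
function isShowTopNCompatible(data: ResolvedData[]): boolean {
  const first = data[0];
  if (data.length !== 1 || !first) return false;
  return first.field.aggregatable && !(first.field.subType && first.field.subType.nested);
}
```
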

@machadoum machadoum changed the title Siem explore cell actions 150347 [Security Solution] Update CellActions field type to be FieldSpec #157243 May 16, 2023
@machadoum machadoum self-assigned this May 16, 2023
@machadoum machadoum added technical debt Improvement of the software architecture and operational architecture release_note:skip Skip the PR/issue when compiling release notes Team:Threat Hunting Security Solution Threat Hunting Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Threat Hunting:Explore Feature:Cell Actions Security Solution Cell Actions feature v8.9.0 labels May 16, 2023
@machadoum machadoum force-pushed the siem-explore-cell-actions-150347 branch from b38e323 to 933b0c2 Compare June 12, 2023 12:05
@machadoum machadoum marked this pull request as ready for review June 12, 2023 13:12
@machadoum machadoum requested review from a team as code owners June 12, 2023 13:12
@machadoum
Member Author

@elasticmachine merge upstream

@machadoum
Member Author

@elasticmachine merge upstream

@machadoum machadoum removed the v8.9.0 label Jun 19, 2023
@machadoum machadoum force-pushed the siem-explore-cell-actions-150347 branch from 1816160 to 996425c Compare June 19, 2023 12:38
Contributor

@semd semd left a comment

LGTM! thanks Pablo

@kibana-ci
Collaborator

💛 Build succeeded, but was flaky

Failed CI Steps

Test Failures

  • [job] [logs] Security Solution Tests #5 / Add, copy comments in different exceptions type and validate sharing them between users Rule exceptions Add comment on a new exception, add another comment has unicode from a different user and copy to clipboard
  • [job] [logs] Investigations - Security Solution Tests #4 / Alerts generated by building block rules Alerts should be visible on the Rule Detail page and not visible on the Overview page
  • [job] [logs] Security Solution Tests #2 / Detection response view Open in timeline "after each" hook for "opens timeline with correct query count for hosts by alert severity table"
  • [job] [logs] Security Solution Tests #2 / Detection response view Open in timeline opens timeline with correct query count for hosts by alert severity table
  • [job] [logs] Security Solution Tests #5 / Exceptions viewer read only "before each" hook for "Cannot add an exception from empty viewer screen"
  • [job] [logs] Explore - Security Solution Tests #2 / Hover actions Adds global filter - filter out

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id before after diff
securitySolution 4188 4189 +1

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats comments for more detailed information.

id before after diff
@kbn/cell-actions 42 43 +1

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
securitySolution 10.9MB 10.9MB +6.2KB

Unknown metric groups

ESLint disabled line counts

id before after diff
enterpriseSearch 13 15 +2
securitySolution 411 416 +5
total +7

Total ESLint disabled count

id before after diff
enterpriseSearch 14 16 +2
securitySolution 494 499 +5
total +7

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @machadoum

Contributor

@PhilippeOberti PhilippeOberti left a comment

LGTM for the threat-hunting-investigations team

@machadoum machadoum merged commit 5fb9709 into main Jun 22, 2023
@machadoum machadoum deleted the siem-explore-cell-actions-150347 branch June 22, 2023 13:20
@kibanamachine
Contributor

💔 All backports failed

Status Branch Result
8.10 The branch "8.10" does not exist

Manual backport

To create the backport manually run:

node scripts/backport --pr 157834

Questions ?

Please refer to the Backport tool documentation

@kibanamachine kibanamachine added the backport missing Added to PRs automatically when the are determined to be missing a backport. label Feb 12, 2024
@kibanamachine
Contributor

Friendly reminder: Looks like this PR hasn’t been backported yet.
To create backports automatically, add the label auto-backport, or prevent reminders by adding the backport:skip label.
You can also create backports manually by running node scripts/backport --pr 157834 locally.

3 similar comments

@semd semd added backport:skip This commit does not require backporting and removed backport missing Added to PRs automatically when the are determined to be missing a backport. labels Feb 19, 2024
Labels
backport:skip This commit does not require backporting Feature:Cell Actions Security Solution Cell Actions feature release_note:skip Skip the PR/issue when compiling release notes Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Threat Hunting:Explore Team:Threat Hunting Security Solution Threat Hunting Team technical debt Improvement of the software architecture and operational architecture v8.9.0 v8.10.0
Development

Successfully merging this pull request may close these issues.

CellActions component should hide ShowTopN action for nested fields
7 participants