-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[SIEM][Exceptions] - Exception builder component #67013
Conversation
This also adds a generic hook, useAsyncTask, that wraps an async function to provide basic utilities: * loading state * error state * abort/cancel function
These were not caught locally as I was accidentally running typescript without the full project.
… tuple This allows callers to further leverage fp-ts functions as needed.
* leverages new validateEither fn which returns an Either * constructs a pipeline that: * validates the payload * performs the API call * validates the response and short-circuits if any of those produce a Left value. It then converts the Either into a promise that either rejects with the Left or resolves with the Right.
This cleans up our validation pipeline considerably.
* refactors private API functions to accept the encoded request schema (i.e. snake cased) * refactors validateEither to use `schema.validate` instead of `schema.decode` since we don't actually want the decoded value, we just want to verify that it'll be able to be decoded on the backend.
* Continue to export decoded types without a qualifier * pull types used by hooks from their new location * Fix errors with usage of act()
By pulling from the module directly instead of an index, we can hopefully narrow down our dependencies until tree-shaking does this for us.
Pinging @elastic/siem (Team:SIEM) |
/> | ||
); | ||
if (index === 0 && exceptionItemIndex === 0) { | ||
return <MyFirstRowContainer grow={false}>{button}</MyFirstRowContainer>; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Similar to the above comment - the first row includes the field labels, so the delete icon was centering based on that extra space. Added padding fixes that.
}; | ||
}; | ||
|
||
export const filterExceptionItems = ( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is to ensure that we only bubble up valid exception item and entries. A user could add 10 blank rows or entries, this strips those out.
@@ -49,3 +50,46 @@ export interface ExceptionsPagination { | |||
totalItemCount: number; | |||
pageSizeOptions: number[]; | |||
} | |||
|
|||
export interface FormattedBuilderEntryBase { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These new types are to deal with the empty states of the entries in the builder, since the exception item entries can be in what the ExceptionListItemSchema
would pick up as invalid. But when bubbling up the exceptions to the parent, we do check to strip out any empties.
@@ -0,0 +1,122 @@ | |||
# Autocomplete Fields |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great readme!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tested by integrating the component with the Exception Modal (upcoming PR). Looks great! My only suggestion would be to look into using useMemo
and useCallback
where it makes sense throughout these components.
### Summary This PR creates the bulk functionality of the exception builder. The exception builder is the component that will be used to create exception list items. It does not deal with the actual API creation/deletion/update of exceptions, it does contain an `onChange` handler that can be used to access the exceptions. The builder is able to: - accept `ExceptionListItem` and render them correctly - allow user to add exception list item and exception list item entries - accept an `indexPattern` and use it to fetch relevant field and autocomplete field values - disable `Or` button if user is only allowed to edit/add to exception list item (not add additional exception list items) - displays `Add new exception` button if no exception items exist - An exception item can be created without entries, the `add new exception` button will show in the case that an exception list contains exception list item(s) with an empty `entries` array (as long as there is one exception list item with an item in `entries`, button does not show) - debounces field value autocomplete searches - bubble up exceptions to parent component, stripping out any empty entries
💚 Build SucceededBuild metrics
History
To update your PR or re-run it, just comment with: |
### Summary This PR creates the bulk functionality of the exception builder. The exception builder is the component that will be used to create exception list items. It does not deal with the actual API creation/deletion/update of exceptions, it does contain an `onChange` handler that can be used to access the exceptions. The builder is able to: - accept `ExceptionListItem` and render them correctly - allow user to add exception list item and exception list item entries - accept an `indexPattern` and use it to fetch relevant field and autocomplete field values - disable `Or` button if user is only allowed to edit/add to exception list item (not add additional exception list items) - displays `Add new exception` button if no exception items exist - An exception item can be created without entries, the `add new exception` button will show in the case that an exception list contains exception list item(s) with an empty `entries` array (as long as there is one exception list item with an item in `entries`, button does not show) - debounces field value autocomplete searches - bubble up exceptions to parent component, stripping out any empty entries
* master: (46 commits) [Visualize] Add missing advanced settings and custom label for pipeline aggs (elastic#69688) Use dynamic: false for config saved object mappings (elastic#70436) [Ingest Pipelines] Error messages (elastic#70167) [APM] Show transaction rate per minute on Observability Overview page (elastic#70336) Filter out error when calculating a label (elastic#69934) [Visualizations] Each visType returns its supported triggers (elastic#70177) [Telemetry] Report data shippers (elastic#64935) Reduce SavedObjects mappings for Application Usage (elastic#70475) [Lens] fix dimension label performance issues (elastic#69978) Skip failing endgame tests (elastic#70548) [SIEM] Reenabling Cypress tests (elastic#70397) [SIEM][Security Solution][Endpoint] Endpoint Artifact Manifest Management + Artifact Download and Distribution (elastic#67707) [Security] Adds field mapping support to rule creation (elastic#70288) SECURITY-ENDPOINT: add fields for events to metadata document (elastic#70491) Fixed assertion in hybrid index pattern test to iterate through indices (elastic#70130) [SIEM][Exceptions] - Exception builder component (elastic#67013) [Ingest Manager] Rename data sources to package configs (elastic#70259) skip suites blocking es snapshot promomotion (elastic#70532) [Metrics UI] Fix asynchronicity and error handling in Snapshot API (elastic#70503) fix export response (elastic#70473) ...
Pinging @elastic/security-solution (Team: SecuritySolution) |
Summary
This PR creates the bulk functionality of the exception builder. The exception builder is the component that will be used to create exception list items. It does not deal with the actual API creation/deletion/update of exceptions, it does contain an
onChange
handler that can be used to access the exceptions. The builder is able to:ExceptionListItem
and render them correctlyindexPattern
and use it to fetch relevant field and autocomplete field valuesOr
button if user is only allowed to edit/add to exception list item (not add additional exception list items)Add new exception
button if no exception items existadd new exception
button will show in the case that an exception list contains exception list item(s) with an emptyentries
array (as long as there is one exception list item with an item inentries
, button does not show)Logic checks:
boolean
, operators are limited tois
,is not
,exists
,does not exist
and available values aretrue
,false
date
,number
, orip
, values combo box shows error state if values do not match field typeis in list
oris not in list
, only lists that match the selected field type will be displayed in the autocompleteAside
Created reusable components for field, operator and field value inputs as it's already needed for other functionality. I added a
README.md
(x-pack/plugins/security_solution/public/common/components/autocomplete/readme.md
) to try to make use of the components a bit easier.To Do
React warning on initial first field selection (wip)Match any was acting funny(was passing selected field as query to autocomplete, causing funkiness, fixed!)Examples
Builder
List operator
Match operator
Match any operator
Boolean field type
Exists operator
Sample validation (field of type
ip
)Checklist