Skip to content

Commit

Permalink
[8.x] [Security Solution] Fixes `required_fields` being rem…
Browse files Browse the repository at this point in the history
…oved after rule `PATCH` calls (#199901) (#200307)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[Security Solution] Fixes `required_fields` being removed
after rule `PATCH` calls
(#199901)](#199901)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Davis
Plumlee","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-11-15T15:17:37Z","message":"[Security
Solution] Fixes `required_fields` being removed after rule `PATCH` calls
(#199901)\n\n**Fixes
https://github.com/elastic/kibana/issues/199665**\r\n\r\n##
Summary\r\n\r\nFixes the `required_fields` field being removed from the
existing rule\r\nwhen not present in the rule `PATCH` API
call.\r\n\r\n\r\n### Checklist\r\n\r\nDelete any items that are not
applicable to this PR.\r\n\r\n- [x] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common scenarios\r\n- [x] [Flaky
Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\r\nused on any tests changed\r\n\r\n\r\n### For maintainers\r\n\r\n-
[ ] This was checked for breaking API changes and was
[labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels)\r\n-
[ ] This will appear in the **Release Notes** and follow
the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n---------\r\n\r\nCo-authored-by:
Georgii Gorbachev <[email protected]>\r\nCo-authored-by:
kibanamachine
<[email protected]>","sha":"f716948053c1b6f4a9f1dda27d4f5a501631b692","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:fix","impact:medium","v9.0.0","Feature:Detection
Rules","Team:Detections and Resp","Team:
SecuritySolution","Team:Detection Rule
Management","backport:version","v8.17.0","v8.16.1"],"title":"[Security
Solution] Fixes `required_fields` being removed after rule `PATCH`
calls","number":199901,"url":"https://github.com/elastic/kibana/pull/199901","mergeCommit":{"message":"[Security
Solution] Fixes `required_fields` being removed after rule `PATCH` calls
(#199901)\n\n**Fixes
https://github.com/elastic/kibana/issues/199665**\r\n\r\n##
Summary\r\n\r\nFixes the `required_fields` field being removed from the
existing rule\r\nwhen not present in the rule `PATCH` API
call.\r\n\r\n\r\n### Checklist\r\n\r\nDelete any items that are not
applicable to this PR.\r\n\r\n- [x] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common scenarios\r\n- [x] [Flaky
Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\r\nused on any tests changed\r\n\r\n\r\n### For maintainers\r\n\r\n-
[ ] This was checked for breaking API changes and was
[labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels)\r\n-
[ ] This will appear in the **Release Notes** and follow
the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n---------\r\n\r\nCo-authored-by:
Georgii Gorbachev <[email protected]>\r\nCo-authored-by:
kibanamachine
<[email protected]>","sha":"f716948053c1b6f4a9f1dda27d4f5a501631b692"}},"sourceBranch":"main","suggestedTargetBranches":["8.x","8.16"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/199901","number":199901,"mergeCommit":{"message":"[Security
Solution] Fixes `required_fields` being removed after rule `PATCH` calls
(#199901)\n\n**Fixes
https://github.com/elastic/kibana/issues/199665**\r\n\r\n##
Summary\r\n\r\nFixes the `required_fields` field being removed from the
existing rule\r\nwhen not present in the rule `PATCH` API
call.\r\n\r\n\r\n### Checklist\r\n\r\nDelete any items that are not
applicable to this PR.\r\n\r\n- [x] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common scenarios\r\n- [x] [Flaky
Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\r\nused on any tests changed\r\n\r\n\r\n### For maintainers\r\n\r\n-
[ ] This was checked for breaking API changes and was
[labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels)\r\n-
[ ] This will appear in the **Release Notes** and follow
the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n---------\r\n\r\nCo-authored-by:
Georgii Gorbachev <[email protected]>\r\nCo-authored-by:
kibanamachine
<[email protected]>","sha":"f716948053c1b6f4a9f1dda27d4f5a501631b692"}},{"branch":"8.x","label":"v8.17.0","branchLabelMappingKey":"^v8.17.0$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.16","label":"v8.16.1","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Davis Plumlee <[email protected]>
  • Loading branch information
kibanamachine and dplumlee authored Nov 15, 2024
1 parent d7c2de7 commit 137eed9
Show file tree
Hide file tree
Showing 3 changed files with 62 additions and 1 deletion.
Original file line number Diff line number Diff line change
Expand Up @@ -453,4 +453,36 @@ describe('applyRulePatch', () => {
})
).rejects.toThrowError('new_terms_fields: Expected array, received string');
});

test('should retain existing required_fields when not present in rule patch body', async () => {
const rulePatch = {
name: 'new name',
} as PatchRuleRequestBody;
const existingRule = {
...getRulesSchemaMock(),
required_fields: [
{
name: 'event.action',
type: 'keyword',
ecs: true,
},
],
};
const patchedRule = await applyRulePatch({
rulePatch,
existingRule,
prebuiltRuleAssetClient,
});
expect(patchedRule).toEqual(
expect.objectContaining({
required_fields: [
{
name: 'event.action',
type: 'keyword',
ecs: true,
},
],
})
);
});
});
Original file line number Diff line number Diff line change
Expand Up @@ -92,7 +92,9 @@ export const applyRulePatch = async ({
meta: rulePatch.meta ?? existingRule.meta,
max_signals: rulePatch.max_signals ?? existingRule.max_signals,
related_integrations: rulePatch.related_integrations ?? existingRule.related_integrations,
required_fields: addEcsToRequiredFields(rulePatch.required_fields),
required_fields: rulePatch.required_fields
? addEcsToRequiredFields(rulePatch.required_fields)
: existingRule.required_fields,
risk_score: rulePatch.risk_score ?? existingRule.risk_score,
risk_score_mapping: rulePatch.risk_score_mapping ?? existingRule.risk_score_mapping,
rule_name_override: rulePatch.rule_name_override ?? existingRule.rule_name_override,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -284,6 +284,33 @@ export default ({ getService }: FtrProviderContext) => {
);
});
});

it('should not change required_fields when not present in patch body', async () => {
await securitySolutionApi.createRule({
body: getCustomQueryRuleParams({
rule_id: 'rule-1',
required_fields: [
{
name: 'event.action',
type: 'keyword',
},
],
}),
});

// patch a simple rule's name
const { body: patchedRule } = await securitySolutionApi
.patchRule({ body: { rule_id: 'rule-1', name: 'some other name' } })
.expect(200);

expect(patchedRule.required_fields).toEqual([
{
name: 'event.action',
type: 'keyword',
ecs: true,
},
]);
});
});
});
};

0 comments on commit 137eed9

Please sign in to comment.