Added filter support to graph API

Graph API is an internal API that hasn't been released yet to ESS, and is not available yet on serverless (behind a feature-flag in kibana.config) due to the above I don't consider it as a breaking change
elastic · Nov 5, 2024 · 1ad3291 · 1ad3291
1 parent 4e753fa
commit 1ad3291
Show file tree

Hide file tree

Showing 9 changed files with 287 additions and 132 deletions.
diff --git a/x-pack/packages/kbn-cloud-security-posture/common/schema/graph/v1.ts b/x-pack/packages/kbn-cloud-security-posture/common/schema/graph/v1.ts
@@ -9,11 +9,20 @@ import { schema } from '@kbn/config-schema';
 
 export const graphRequestSchema = schema.object({
   query: schema.object({
-    actorIds: schema.arrayOf(schema.string()),
     eventIds: schema.arrayOf(schema.string()),
     // TODO: use zod for range validation instead of config schema
     start: schema.oneOf([schema.number(), schema.string()]),
     end: schema.oneOf([schema.number(), schema.string()]),
+    esQuery: schema.maybe(
+      schema.object({
+        bool: schema.object({
+          filter: schema.maybe(schema.arrayOf(schema.object({}, { unknowns: 'allow' }))),
+          must: schema.maybe(schema.arrayOf(schema.object({}, { unknowns: 'allow' }))),
+          should: schema.maybe(schema.arrayOf(schema.object({}, { unknowns: 'allow' }))),
+          must_not: schema.maybe(schema.arrayOf(schema.object({}, { unknowns: 'allow' }))),
+        }),
+      })
+    ),
   }),
 });
 

diff --git a/x-pack/packages/kbn-cloud-security-posture/common/types/graph/v1.ts b/x-pack/packages/kbn-cloud-security-posture/common/types/graph/v1.ts
@@ -6,6 +6,7 @@
  */
 
 import type { TypeOf } from '@kbn/config-schema';
+import type { BoolQuery } from '@kbn/es-query';
 import {
   colorSchema,
   edgeDataSchema,
@@ -17,7 +18,9 @@ import {
   nodeShapeSchema,
 } from '../../schema/graph/v1';
 
-export type GraphRequest = TypeOf<typeof graphRequestSchema>;
+export type GraphRequest = Omit<TypeOf<typeof graphRequestSchema>, 'query.esQuery'> & {
+  query: { esQuery?: { bool: Partial<BoolQuery> } };
+};
 export type GraphResponse = TypeOf<typeof graphResponseSchema>;
 
 export type Color = typeof colorSchema.type;

diff --git a/x-pack/plugins/cloud_security_posture/server/routes/graph/route.ts b/x-pack/plugins/cloud_security_posture/server/routes/graph/route.ts
@@ -10,6 +10,7 @@ import {
   graphResponseSchema,
 } from '@kbn/cloud-security-posture-common/schema/graph/latest';
 import { transformError } from '@kbn/securitysolution-es-utils';
+import type { GraphRequest } from '@kbn/cloud-security-posture-common/types/graph/v1';
 import { GRAPH_ROUTE_PATH } from '../../../common/constants';
 import { CspRouter } from '../../types';
 import { getGraph as getGraphV1 } from './v1';
@@ -37,24 +38,24 @@ export const defineGraphRoute = (router: CspRouter) =>
         },
       },
       async (context, request, response) => {
-        const { actorIds, eventIds, start, end } = request.body.query;
+        const { eventIds, start, end, esQuery } = request.body.query as GraphRequest['query'];
         const cspContext = await context.csp;
         const spaceId = (await cspContext.spaces?.spacesService?.getActiveSpace(request))?.id;
 
         try {
-          const { nodes, edges } = await getGraphV1(
-            {
+          const { nodes, edges } = await getGraphV1({
+            services: {
               logger: cspContext.logger,
               esClient: cspContext.esClient,
             },
-            {
-              actorIds,
+            query: {
               eventIds,
               spaceId,
               start,
               end,
-            }
-          );
+              esQuery,
+            },
+          });
 
           return response.ok({ body: { nodes, edges } });
         } catch (err) {