[EDR Workflows][Osquery] Prevent timeout field from being sent to api…

… when switching query to pack (#174103) Do not send `timeout` field when switching from query to pack mode. Added extended test coverage. https://github.com/elastic/kibana/assets/29123534/f9e5f330-86a3-45d1-aca0-9688e0437184 (cherry picked from commit 22a365f)
elastic · Jan 22, 2024 · 1e94694 · 1e94694
1 parent 31a3255
commit 1e94694
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 4 deletions.
diff --git a/x-pack/plugins/osquery/cypress/e2e/all/packs_create_edit.cy.ts b/x-pack/plugins/osquery/cypress/e2e/all/packs_create_edit.cy.ts
@@ -71,6 +71,7 @@ describe('Packs - Create and Edit', { tags: ['@ess', '@serverless'] }, () => {
       },
       interval: '3600',
       query: 'select * from uptime;',
+      timeout: 607,
     }).then((data) => {
       oneMappingSavedQueryId = data.saved_object_id;
       oneMappingSavedQueryName = data.id;
@@ -132,6 +133,7 @@ describe('Packs - Create and Edit', { tags: ['@ess', '@serverless'] }, () => {
       cy.contains('Attach next query');
       getIdFormField().type('Query1');
       inputQuery('select * from uptime;');
+      cy.getBySel('timeout-input').clear().type('601');
       cy.wait(500); // wait for the validation to trigger - cypress is way faster than users ;)
       cy.getBySel(FLYOUT_SAVED_QUERY_SAVE_BUTTON).click();
 
@@ -140,6 +142,7 @@ describe('Packs - Create and Edit', { tags: ['@ess', '@serverless'] }, () => {
       cy.contains('Attach next query');
       getIdFormField().type('Query2');
       inputQuery('select * from uptime;');
+      cy.getBySel('timeout-input').clear().type('602');
 
       cy.getBySel('resultsTypeField').click();
       cy.contains('Differential').click();
@@ -151,6 +154,7 @@ describe('Packs - Create and Edit', { tags: ['@ess', '@serverless'] }, () => {
       cy.contains('Attach next query');
       getIdFormField().type('Query3');
       inputQuery('select * from uptime;');
+      cy.getBySel('timeout-input').clear().type('603');
       cy.getBySel('resultsTypeField').click();
       cy.contains('Differential (Ignore removals)').click();
       cy.wait(500); // wait for the validation to trigger - cypress is way faster than users ;)
@@ -197,21 +201,21 @@ describe('Packs - Create and Edit', { tags: ['@ess', '@serverless'] }, () => {
       const queries = {
         Query1: {
           interval: 3600,
-          timeout: 60,
+          timeout: 601,
           query: 'select * from uptime;',
           removed: true,
           snapshot: false,
         },
         Query2: {
           interval: 3600,
-          timeout: 60,
+          timeout: 602,
           query: 'select * from uptime;',
           removed: false,
           snapshot: false,
         },
         Query3: {
           interval: 3600,
-          timeout: 60,
+          timeout: 603,
           query: 'select * from uptime;',
         },
       };
@@ -714,6 +718,7 @@ describe('Packs - Create and Edit', { tags: ['@ess', '@serverless'] }, () => {
 
         cy.contains('Name of the continent').should('exist');
         cy.contains('Seconds of uptime').should('exist');
+        cy.getBySel('timeout-input').should('have.value', '607');
       });
     }
   );

diff --git a/x-pack/plugins/osquery/public/live_queries/form/index.tsx b/x-pack/plugins/osquery/public/live_queries/form/index.tsx
@@ -154,7 +154,7 @@ const LiveQueryFormComponent: React.FC<LiveQueryFormProps> = ({
           alert_ids: values.alertIds,
           pack_id: queryType === 'pack' && values?.packId?.length ? values?.packId[0] : undefined,
           ecs_mapping: values.ecs_mapping,
-          timeout: values.timeout,
+          ...(queryType === 'query' ? { timeout: values.timeout } : {}),
         },
         (value) => !isEmpty(value) || isNumber(value)
       ) as unknown as LiveQueryFormFields;