From 1e946949aa73a2d3b8b6a2a6107e04ec18c3fc69 Mon Sep 17 00:00:00 2001
From: Konrad Szwarc
Date: Mon, 22 Jan 2024 20:17:46 +0100
Subject: [PATCH] [EDR Workflows][Osquery] Prevent timeout field from being sent to api when switching query to pack (#174103) Do not send `timeout` field when switching from query to pack mode. Added extended test coverage. https://github.com/elastic/kibana/assets/29123534/f9e5f330-86a3-45d1-aca0-9688e0437184 (cherry picked from commit 22a365f05a8384e5c167a81c04a81594406854d1)
---
 .../osquery/cypress/e2e/all/packs_create_edit.cy.ts | 11 ++++++++---
 .../osquery/public/live_queries/form/index.tsx | 2 +-
 2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/x-pack/plugins/osquery/cypress/e2e/all/packs_create_edit.cy.ts b/x-pack/plugins/osquery/cypress/e2e/all/packs_create_edit.cy.ts
index ca83482cea37b..05fb987bd0d07 100644
--- a/x-pack/plugins/osquery/cypress/e2e/all/packs_create_edit.cy.ts
+++ b/x-pack/plugins/osquery/cypress/e2e/all/packs_create_edit.cy.ts
@@ -71,6 +71,7 @@ describe('Packs - Create and Edit', { tags: ['@ess', '@serverless'] }, () => {
 },
 interval: '3600',
 query: 'select * from uptime;',
+ timeout: 607,
 }).then((data) => {
 oneMappingSavedQueryId = data.saved_object_id;
 oneMappingSavedQueryName = data.id;
@@ -132,6 +133,7 @@ describe('Packs - Create and Edit', { tags: ['@ess', '@serverless'] }, () => {
 cy.contains('Attach next query');
 getIdFormField().type('Query1');
 inputQuery('select * from uptime;');
+ cy.getBySel('timeout-input').clear().type('601');
 cy.wait(500); // wait for the validation to trigger - cypress is way faster than users ;)
 cy.getBySel(FLYOUT_SAVED_QUERY_SAVE_BUTTON).click();
@@ -140,6 +142,7 @@ describe('Packs - Create and Edit', { tags: ['@ess', '@serverless'] }, () => {
 cy.contains('Attach next query');
 getIdFormField().type('Query2');
 inputQuery('select * from uptime;');
+ cy.getBySel('timeout-input').clear().type('602');
 cy.getBySel('resultsTypeField').click();
 cy.contains('Differential').click();
@@ -151,6 +154,7 @@ describe('Packs - Create and Edit', { tags: ['@ess', '@serverless'] }, () => {
 cy.contains('Attach next query');
 getIdFormField().type('Query3');
 inputQuery('select * from uptime;');
+ cy.getBySel('timeout-input').clear().type('603');
 cy.getBySel('resultsTypeField').click();
 cy.contains('Differential (Ignore removals)').click();
 cy.wait(500); // wait for the validation to trigger - cypress is way faster than users ;)
@@ -197,21 +201,21 @@ describe('Packs - Create and Edit', { tags: ['@ess', '@serverless'] }, () => {
 const queries = {
 Query1: {
 interval: 3600,
- timeout: 60,
+ timeout: 601,
 query: 'select * from uptime;',
 removed: true,
 snapshot: false,
 },
 Query2: {
 interval: 3600,
- timeout: 60,
+ timeout: 602,
 query: 'select * from uptime;',
 removed: false,
 snapshot: false,
 },
 Query3: {
 interval: 3600,
- timeout: 60,
+ timeout: 603,
 query: 'select * from uptime;',
 },
 };
@@ -714,6 +718,7 @@ describe('Packs - Create and Edit', { tags: ['@ess', '@serverless'] }, () => {
 cy.contains('Name of the continent').should('exist');
 cy.contains('Seconds of uptime').should('exist');
+ cy.getBySel('timeout-input').should('have.value', '607');
 });
 }
 );
diff --git a/x-pack/plugins/osquery/public/live_queries/form/index.tsx b/x-pack/plugins/osquery/public/live_queries/form/index.tsx
index c584de8d05409..65f3833c1c92e 100644
--- a/x-pack/plugins/osquery/public/live_queries/form/index.tsx
+++ b/x-pack/plugins/osquery/public/live_queries/form/index.tsx
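Review bot: None of the assertions added to `packs_create_edit.cy.ts` exercise the behaviour this commit fixes. The new `timeout-input` lines check per-query timeouts stored in a pack (601–603) and the value loaded from a saved query (607), but the hunks shown never switch the live-query form from query to pack and inspect the outgoing request. A regression test that captures the live-query create request with `cy.intercept` and asserts `expect(interception.request.body).to.not.have.property('timeout')` after the switch would pin the fix. Such a test may already exist in a spec outside this diff, so treat this as something to confirm.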
@@ -154,7 +154,7 @@ const LiveQueryFormComponent: React.FC = ({
 alert_ids: values.alertIds,
 pack_id: queryType === 'pack' && values?.packId?.length ? values?.packId[0] : undefined,
 ecs_mapping: values.ecs_mapping,
- timeout: values.timeout,
+ ...(queryType === 'query' ? { timeout: values.timeout } : {}),
 },
 (value) => !isEmpty(value) || isNumber(value)
 ) as unknown as LiveQueryFormFields;
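Review bot: The `timeout` guard added in `index.tsx` is enforced only in the form, and `ecs_mapping` on the line above it is still included for both query types, so any other single-query state left in the form would reach the API in a pack request the same way `timeout` did; whether that is intended is not visible here. Because a direct API caller is not bound by this form, the server-side request schema should reject or ignore `timeout` when `pack_id` is set; that handler is outside this diff. For consistency with the `pack_id` line, `timeout: queryType === 'query' ? values.timeout : undefined,` reads the same way and is dropped by the existing `!isEmpty(value) || isNumber(value)` predicate. The enclosing component starts and ends outside the hunk.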