Skip to content

Commit

Permalink
[8.16] [Security Solution] Remove warning for rule filter (#201776) (#…
Browse files Browse the repository at this point in the history
…204728)

# Backport

This will backport the following commits from `main` to `8.16`:
- [[Security Solution] Remove warning for rule filter
(#201776)](#201776)

<!--- Backport version: 9.6.2 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Jacek
Kolezynski","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-12-18T09:47:05Z","message":"[Security
Solution] Remove warning for rule filter (#201776)\n\n**Resolves:
#178908**\n\n## Summary\n\nThis PR fixes a warning displayed for the
rule when certain filter is\npresent.\nI followed the suggestion from
@nikitaindik in the original ticket and\npulled his fix and tested that
it works, but it also needed some\nmodification borrowed from QueryBar
component, namely to update the\nfilters before displaying the
FilterItems component.\n\nNote: This PR only covers the Rule Creation /
Rules Details page. Two\nnew tickets have been created to cover issues
found in other places:\n#203600 and #203615\n\n# BEFORE\n<img
width=\"899\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/62b300b4-bc70-481f-8042-dc9d7c4b3ff0\">\n\n#
AFTER\n<img width=\"901\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/6c2915f8-e2e1-477d-bf6c-4ededf1a6907\">\n\n\n###
Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers
should verify this PR satisfies this list as well.\n\n- [ ] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [ ] [Flaky
Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\nused on any tests changed\n\n---------\n\nCo-authored-by: Nikita
Indik
<[email protected]>","sha":"2e3a74829d953e3a968c75e0edaed21dce332c03","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:fix","v9.0.0","Team:Detections
and Resp","Team: SecuritySolution","Team:Detection Rule
Management","Feature:Rule Creation","Feature:Rule Details","Feature:Rule
Edit","backport:version","v8.18.0","v8.16.3","v8.17.1"],"title":"[Security
Solution] Remove warning for rule
filter","number":201776,"url":"https://github.com/elastic/kibana/pull/201776","mergeCommit":{"message":"[Security
Solution] Remove warning for rule filter (#201776)\n\n**Resolves:
#178908**\n\n## Summary\n\nThis PR fixes a warning displayed for the
rule when certain filter is\npresent.\nI followed the suggestion from
@nikitaindik in the original ticket and\npulled his fix and tested that
it works, but it also needed some\nmodification borrowed from QueryBar
component, namely to update the\nfilters before displaying the
FilterItems component.\n\nNote: This PR only covers the Rule Creation /
Rules Details page. Two\nnew tickets have been created to cover issues
found in other places:\n#203600 and #203615\n\n# BEFORE\n<img
width=\"899\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/62b300b4-bc70-481f-8042-dc9d7c4b3ff0\">\n\n#
AFTER\n<img width=\"901\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/6c2915f8-e2e1-477d-bf6c-4ededf1a6907\">\n\n\n###
Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers
should verify this PR satisfies this list as well.\n\n- [ ] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [ ] [Flaky
Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\nused on any tests changed\n\n---------\n\nCo-authored-by: Nikita
Indik
<[email protected]>","sha":"2e3a74829d953e3a968c75e0edaed21dce332c03"}},"sourceBranch":"main","suggestedTargetBranches":["8.16"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/201776","number":201776,"mergeCommit":{"message":"[Security
Solution] Remove warning for rule filter (#201776)\n\n**Resolves:
#178908**\n\n## Summary\n\nThis PR fixes a warning displayed for the
rule when certain filter is\npresent.\nI followed the suggestion from
@nikitaindik in the original ticket and\npulled his fix and tested that
it works, but it also needed some\nmodification borrowed from QueryBar
component, namely to update the\nfilters before displaying the
FilterItems component.\n\nNote: This PR only covers the Rule Creation /
Rules Details page. Two\nnew tickets have been created to cover issues
found in other places:\n#203600 and #203615\n\n# BEFORE\n<img
width=\"899\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/62b300b4-bc70-481f-8042-dc9d7c4b3ff0\">\n\n#
AFTER\n<img width=\"901\"
alt=\"image\"\nsrc=\"https://github.com/user-attachments/assets/6c2915f8-e2e1-477d-bf6c-4ededf1a6907\">\n\n\n###
Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers
should verify this PR satisfies this list as well.\n\n- [ ] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [ ] [Flaky
Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\nused on any tests changed\n\n---------\n\nCo-authored-by: Nikita
Indik
<[email protected]>","sha":"2e3a74829d953e3a968c75e0edaed21dce332c03"}},{"branch":"8.x","label":"v8.18.0","branchLabelMappingKey":"^v8.18.0$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/204704","number":204704,"state":"MERGED","mergeCommit":{"sha":"2ea020542b5c30066b3728d8b718670c5732ca1e","message":"[8.x]
[Security Solution] Remove warning for rule filter (#201776)
(#204704)\n\n# Backport\n\nThis will backport the following commits from
`main` to `8.x`:\n- [[Security Solution] Remove warning for rule
filter\n(#201776)](https://github.com/elastic/kibana/pull/201776)\n\n<!---
Backport version: 9.4.3 -->\n\n### Questions ?\nPlease refer to the
[Backport
tool\ndocumentation](https://github.com/sqren/backport)\n\n<!--BACKPORT
[{\"author\":{\"name\":\"Jacek\nKolezynski\",\"email\":\"[email protected]\"},\"sourceCommit\":{\"committedDate\":\"2024-12-18T09:47:05Z\",\"message\":\"[Security\nSolution]
Remove warning for rule filter
(#201776)\\n\\n**Resolves:\n#178908**\\n\\n## Summary\\n\\nThis PR fixes
a warning displayed for the\nrule when certain filter is\\npresent.\\nI
followed the suggestion from\n@nikitaindik in the original ticket
and\\npulled his fix and tested that\nit works, but it also needed
some\\nmodification borrowed from QueryBar\ncomponent, namely to update
the\\nfilters before displaying the\nFilterItems component.\\n\\nNote:
This PR only covers the Rule Creation /\nRules Details page. Two\\nnew
tickets have been created to cover issues\nfound in other
places:\\n#203600 and #203615\\n\\n#
BEFORE\\n<img\nwidth=\\\"899\\\"\nalt=\\\"image\\\"\\nsrc=\\\"https://github.com/user-attachments/assets/62b300b4-bc70-481f-8042-dc9d7c4b3ff0\\\">\\n\\n#\nAFTER\\n<img
width=\\\"901\\\"\nalt=\\\"image\\\"\\nsrc=\\\"https://github.com/user-attachments/assets/6c2915f8-e2e1-477d-bf6c-4ededf1a6907\\\">\\n\\n\\n###\nChecklist\\n\\nCheck
the PR satisfies following conditions. \\n\\nReviewers\nshould verify
this PR satisfies this list as well.\\n\\n- [ ] [Unit
or\nfunctional\\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\\nwere\nupdated
or added to match the most common scenarios\\n- [ ]
[Flaky\nTest\\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)\nwas\\nused
on any tests changed\\n\\n---------\\n\\nCo-authored-by:
Nikita\nIndik\n<[email protected]>\",\"sha\":\"2e3a74829d953e3a968c75e0edaed21dce332c03\",\"branchLabelMapping\":{\"^v9.0.0$\":\"main\",\"^v8.18.0$\":\"8.x\",\"^v(\\\\d+).(\\\\d+).\\\\d+$\":\"$1.$2\"}},\"sourcePullRequest\":{\"labels\":[\"bug\",\"release_note:fix\",\"v9.0.0\",\"Team:Detections\nand
Resp\",\"Team: SecuritySolution\",\"Team:Detection
Rule\nManagement\",\"Feature:Rule Creation\",\"Feature:Rule
Details\",\"Feature:Rule\nEdit\",\"backport:version\",\"v8.18.0\",\"v8.16.3\",\"v8.17.1\"],\"title\":\"[Security\nSolution]
Remove warning for
rule\nfilter\",\"number\":201776,\"url\":\"https://github.com/elastic/kibana/pull/201776\",\"mergeCommit\":{\"message\":\"[Security\nSolution]
Remove warning for rule filter
(#201776)\\n\\n**Resolves:\n#178908**\\n\\n## Summary\\n\\nThis PR fixes
a warning displayed for the\nrule when certain filter is\\npresent.\\nI
followed the suggestion from\n@nikitaindik in the original ticket
and\\npulled his fix and tested that\nit works, but it also needed
some\\nmodification borrowed from QueryBar\ncomponent, namely to update
the\\nfilters before displaying the\nFilterItems component.\\n\\nNote:
This PR only covers the Rule Creation /\nRules Details page. Two\\nnew
tickets have been created to cover issues\nfound in other
places:\\n#203600 and #203615\\n\\n#
BEFORE\\n<img\nwidth=\\\"899\\\"\nalt=\\\"image\\\"\\nsrc=\\\"https://github.com/user-attachments/assets/62b300b4-bc70-481f-8042-dc9d7c4b3ff0\\\">\\n\\n#\nAFTER\\n<img
width=\\\"901\\\"\nalt=\\\"image\\\"\\nsrc=\\\"https://github.com/user-attachments/assets/6c2915f8-e2e1-477d-bf6c-4ededf1a6907\\\">\\n\\n\\n###\nChecklist\\n\\nCheck
the PR satisfies following conditions. \\n\\nReviewers\nshould verify
this PR satisfies this list as well.\\n\\n- [ ] [Unit
or\nfunctional\\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\\nwere\nupdated
or added to match the most common scenarios\\n- [ ]
[Flaky\nTest\\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)\nwas\\nused
on any tests changed\\n\\n---------\\n\\nCo-authored-by:
Nikita\nIndik\n<[email protected]>\",\"sha\":\"2e3a74829d953e3a968c75e0edaed21dce332c03\"}},\"sourceBranch\":\"main\",\"suggestedTargetBranches\":[\"8.x\",\"8.16\",\"8.17\"],\"targetPullRequestStates\":[{\"branch\":\"main\",\"label\":\"v9.0.0\",\"branchLabelMappingKey\":\"^v9.0.0$\",\"isSourceBranch\":true,\"state\":\"MERGED\",\"url\":\"https://github.com/elastic/kibana/pull/201776\",\"number\":201776,\"mergeCommit\":{\"message\":\"[Security\nSolution]
Remove warning for rule filter
(#201776)\\n\\n**Resolves:\n#178908**\\n\\n## Summary\\n\\nThis PR fixes
a warning displayed for the\nrule when certain filter is\\npresent.\\nI
followed the suggestion from\n@nikitaindik in the original ticket
and\\npulled his fix and tested that\nit works, but it also needed
some\\nmodification borrowed from QueryBar\ncomponent, namely to update
the\\nfilters before displaying the\nFilterItems component.\\n\\nNote:
This PR only covers the Rule Creation /\nRules Details page. Two\\nnew
tickets have been created to cover issues\nfound in other
places:\\n#203600 and #203615\\n\\n#
BEFORE\\n<img\nwidth=\\\"899\\\"\nalt=\\\"image\\\"\\nsrc=\\\"https://github.com/user-attachments/assets/62b300b4-bc70-481f-8042-dc9d7c4b3ff0\\\">\\n\\n#\nAFTER\\n<img
width=\\\"901\\\"\nalt=\\\"image\\\"\\nsrc=\\\"https://github.com/user-attachments/assets/6c2915f8-e2e1-477d-bf6c-4ededf1a6907\\\">\\n\\n\\n###\nChecklist\\n\\nCheck
the PR satisfies following conditions. \\n\\nReviewers\nshould verify
this PR satisfies this list as well.\\n\\n- [ ] [Unit
or\nfunctional\\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\\nwere\nupdated
or added to match the most common scenarios\\n- [ ]
[Flaky\nTest\\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)\nwas\\nused
on any tests changed\\n\\n---------\\n\\nCo-authored-by:
Nikita\nIndik\n<[email protected]>\",\"sha\":\"2e3a74829d953e3a968c75e0edaed21dce332c03\"}},{\"branch\":\"8.x\",\"label\":\"v8.18.0\",\"branchLabelMappingKey\":\"^v8.18.0$\",\"isSourceBranch\":false,\"state\":\"NOT_CREATED\"},{\"branch\":\"8.16\",\"label\":\"v8.16.3\",\"branchLabelMappingKey\":\"^v(\\\\d+).(\\\\d+).\\\\d+$\",\"isSourceBranch\":false,\"state\":\"NOT_CREATED\"},{\"branch\":\"8.17\",\"label\":\"v8.17.1\",\"branchLabelMappingKey\":\"^v(\\\\d+).(\\\\d+).\\\\d+$\",\"isSourceBranch\":false,\"state\":\"NOT_CREATED\"}]}]\nBACKPORT-->\n\nCo-authored-by:
Jacek Kolezynski
<[email protected]>"}},{"branch":"8.16","label":"v8.16.3","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.17","label":"v8.17.1","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/204718","number":204718,"state":"OPEN"}]}]
BACKPORT-->
  • Loading branch information
jkelas authored Dec 18, 2024
1 parent 2896b35 commit 56a60e8
Show file tree
Hide file tree
Showing 2 changed files with 89 additions and 12 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
* 2.0.
*/

import React from 'react';
import React, { useMemo } from 'react';
import { isEmpty } from 'lodash/fp';
import {
EuiDescriptionList,
Expand All @@ -23,8 +23,8 @@ import type {
import type { Filter } from '@kbn/es-query';
import type { SavedQuery } from '@kbn/data-plugin/public';
import { mapAndFlattenFilters } from '@kbn/data-plugin/public';
import type { DataView } from '@kbn/data-views-plugin/public';
import { FilterItems } from '@kbn/unified-search-plugin/public';
import { isDataView } from '../../../../common/components/query_bar';
import type {
AlertSuppressionMissingFieldsStrategy,
RequiredFieldArray,
Expand All @@ -39,8 +39,6 @@ import { AlertSuppressionLabel } from '../../../rule_creation_ui/components/desc
import { useGetSavedQuery } from '../../../../detections/pages/detection_engine/rules/use_get_saved_query';
import * as threatMatchI18n from '../../../../common/components/threat_match/translations';
import * as timelinesI18n from '../../../../timelines/components/timeline/translations';
import { useRuleIndexPattern } from '../../../rule_creation_ui/pages/form';
import { DataSourceType } from '../../../../detections/pages/detection_engine/rules/types';
import type { Duration } from '../../../../detections/pages/detection_engine/rules/types';
import { convertHistoryStartToSize } from '../../../../detections/pages/detection_engine/rules/helpers';
import { MlJobsDescription } from '../../../rule_creation/components/ml_jobs_description/ml_jobs_description';
Expand All @@ -59,6 +57,7 @@ import {
} from './rule_definition_section.styles';
import { getQueryLanguageLabel } from './helpers';
import { useDefaultIndexPattern } from './use_default_index_pattern';
import { useDataView } from './three_way_diff/final_edit/fields/hooks/use_data_view';

interface SavedQueryNameProps {
savedQueryName: string;
Expand All @@ -83,16 +82,34 @@ export const Filters = ({
index,
'data-test-subj': dataTestSubj,
}: FiltersProps) => {
const flattenedFilters = mapAndFlattenFilters(filters);

const defaultIndexPattern = useDefaultIndexPattern();
const useDataViewParams = dataViewId
? { dataViewId }
: { indexPatterns: index ?? defaultIndexPattern };
const { dataView } = useDataView(useDataViewParams);
const isEsql = filters.some((filter) => filter?.query?.language === 'esql');
const searchBarFilters = useMemo(() => {
if (!index || isDataView(index) || isEsql) {
return filters;
}
const filtersWithUpdatedMetaIndex = filters.map((filter) => {
return {
...filter,
meta: {
...filter.meta,
index: index.join(','),
},
};
});

const { indexPattern } = useRuleIndexPattern({
dataSourceType: dataViewId ? DataSourceType.DataView : DataSourceType.IndexPatterns,
index: index ?? defaultIndexPattern,
dataViewId,
});
return filtersWithUpdatedMetaIndex;
}, [filters, index, isEsql]);

if (!dataView) {
return null;
}

const flattenedFilters = mapAndFlattenFilters(searchBarFilters);
const styles = filtersStyles;

return (
Expand All @@ -103,7 +120,7 @@ export const Filters = ({
responsive={false}
gutterSize="xs"
>
<FilterItems filters={flattenedFilters} indexPatterns={[indexPattern as DataView]} readOnly />
<FilterItems filters={flattenedFilters} indexPatterns={[dataView]} readOnly />
</EuiFlexGroup>
);
};
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,60 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import { useEffect, useState } from 'react';
import type { DataView } from '@kbn/data-views-plugin/common';
import { useKibana } from '../../../../../../../../common/lib/kibana';

export type UseDataViewParams =
| { indexPatterns: string[]; dataViewId?: never }
| { indexPatterns?: never; dataViewId: string };

interface UseDataViewResult {
dataView: DataView | undefined;
isLoading: boolean;
}

export function useDataView(indexPatternsOrDataViewId: UseDataViewParams): UseDataViewResult {
const {
data: { dataViews: dataViewsService },
} = useKibana().services;
const [dataView, setDataView] = useState<DataView | undefined>();
const [isLoading, setIsLoading] = useState(false);

useEffect(() => {
setIsLoading(true);

(async () => {
try {
if (indexPatternsOrDataViewId.indexPatterns) {
const indexPatternsDataView = await dataViewsService.create({
title: indexPatternsOrDataViewId.indexPatterns.join(','),
id: indexPatternsOrDataViewId.indexPatterns.join(','),
allowNoIndex: true,
});

setDataView(indexPatternsDataView);
return;
}

if (indexPatternsOrDataViewId.dataViewId) {
const ruleDataView = await dataViewsService.get(indexPatternsOrDataViewId.dataViewId);

setDataView(ruleDataView);
}
} finally {
setIsLoading(false);
}
})();
}, [
dataViewsService,
indexPatternsOrDataViewId.indexPatterns,
indexPatternsOrDataViewId.dataViewId,
]);

return { dataView, isLoading };
}

0 comments on commit 56a60e8

Please sign in to comment.