[Security Solution] Restructuring folders of Detection Engine + refactoring Rule Management #142950
Conversation
banderror
added
refactoring
technical debt
banderror
changed the title
banderror
force-pushed
the
onweek-refactoring-rule-management
branch
5 times, most recently
from
912c1f0 to
82c825b
Compare
banderror
changed the title
banderror
force-pushed
the
onweek-refactoring-rule-management
branch
4 times, most recently
from
6c53dd6 to
72dbef3
Compare
banderror
force-pushed
the
onweek-refactoring-rule-management
branch
2 times, most recently
from
f94c54b to
66cf3f7
Compare
banderror
force-pushed
the
onweek-refactoring-rule-management
branch
from
7de12d7 to
8f55566
Compare
|
@marshallmain @vitaliidm Thanks for your great questions about the semantics of what is a model.
What's a model? Sometimes people call "models" data that they store in a DB, e.g. in Rails, it's an Active Record pattern. I use the term model in a broader sense. It's our domain model, meaning "things" that our app "consists of", "operates on", "shows", "allows the user to interact with", etc. Normally these things are known to the end users. Examples: rule, rule action, rule execution status, alert, source event, etc. It can be:
So this is stuff I suggest keeping in the As for the
Schema is all about validation. You can have a type (e.g. an interface) without a schema for it if it gives you enough safety. If you need an additional safety net (or you just have a weak type system) you can write a schema for this type to implement parsing and additional validation (e.g. allowed range of values for a property, etc). You can have a model without a schema. Hope this clarifies it a bit. Feel free to drop any other questions on me until we're aligned. |
It seemed to me acceptable in this case because I wouldn't expect us to be working with a lot of endpoints at the same time. So compared to calling all components
Yes, the idea is to continue moving stuff from |
💚 Build Succeeded
Metrics [docs]Module Count
Public APIs missing comments
Async chunks
Page load bundle
Unknown metric groupsAPI count
ESLint disabled in files
ESLint disabled line counts
Total ESLint disabled count
History
To update your PR or re-run it, just comment with: cc @xcrzx @banderror |
There was a problem hiding this comment.
Approving without review, so Alerts Area doesn't block the merge.
cc @marshallmain
kibanamachine
added
v8.6.0
backport:skip
I'm on board with making those file names unique. Besides making it easier to navigate between open tabs, it also makes it much easier to find a particular file by its name in IDE, Chrome DevTools, or in the console. |
* main: (57 commits) [Files] Filepicker (elastic#143111) [Infrastructure UI] Replace Lens table with EUI table and own api (elastic#142871) [api-docs] Daily api_docs build (elastic#143829) [api-docs] Daily api_docs build (elastic#143825) [api-docs] Daily api_docs build (elastic#143823) [Security Solution] Restructuring folders of Detection Engine + refactoring Rule Management (elastic#142950) [Dev tools] Fix performance issue with autocomplete suggestions (elastic#143428) [Security Solution] Disable ML rule's edit button link under basic license (elastic#143260) [Lens] Use the language-documentation package for formula (elastic#143649) [api-docs] Daily api_docs build (elastic#143811) [Security Solution] Fix missing title on inspect pop-up (elastic#143601) fix incorrect filters being passed to events table causing duplicate entries in our inpsect tool request tab (elastic#143239) [Security Solution][Endpoint] `get-file` response action kibana download file API (elastic#143708) Rely on refresh context to update stats independently of overview cards. (elastic#143308) [RAM] Rule event log - Fix incorrect results when filtering by message and outcome simultaneously (elastic#143119) [ML] Display link to create data view from error cases in data frame analytics results pages (elastic#143596) Update links in README :) (elastic#143675) Add more tests for ml_inference_logic (elastic#143764) skip failing test suite (elastic#143717) [DOCS] Add assignees to case APIs (elastic#143610) ...
…out (#146904) ## Summary These changes fixes the issue with the unexpected "Failed to Fetch Rule" error toast that appears when user opens the alert details from the Rule Preview page. The issue was introduced by [recent refactoring](#142950) where we switched from the optional toast to showing error toast always when it is not possible to fetch the rule (see `useRuleWithFallback` hook). In case of Rule Preview the rule does not exist and thus server returns 404 (not found) error. In case of Rule Preview we would like to ignore this error and build the rule from the alert. Bug Ticket: #146858
…out (elastic#146904) ## Summary These changes fixes the issue with the unexpected "Failed to Fetch Rule" error toast that appears when user opens the alert details from the Rule Preview page. The issue was introduced by [recent refactoring](elastic#142950) where we switched from the optional toast to showing error toast always when it is not possible to fetch the rule (see `useRuleWithFallback` hook). In case of Rule Preview the rule does not exist and thus server returns 404 (not found) error. In case of Rule Preview we would like to ignore this error and build the rule from the alert. Bug Ticket: elastic#146858 (cherry picked from commit 1b4c661)
…ew Flyout (#146904) (#146921) # Backport This will backport the following commits from `main` to `8.6`: - [[Security Solution] Failed to Fetch Rules and Timeline in Preview Flyout (#146904)](#146904) <!--- Backport version: 8.9.7 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Ievgen Sorokopud","email":"[email protected]"},"sourceCommit":{"committedDate":"2022-12-02T20:17:54Z","message":"[Security Solution] Failed to Fetch Rules and Timeline in Preview Flyout (#146904)\n\n## Summary\r\n\r\nThese changes fixes the issue with the unexpected \"Failed to Fetch Rule\"\r\nerror toast that appears when user opens the alert details from the Rule\r\nPreview page.\r\n\r\nThe issue was introduced by [recent\r\nrefactoring](#142950) where we\r\nswitched from the optional toast to showing error toast always when it\r\nis not possible to fetch the rule (see `useRuleWithFallback` hook). In\r\ncase of Rule Preview the rule does not exist and thus server returns 404\r\n(not found) error. In case of Rule Preview we would like to ignore this\r\nerror and build the rule from the alert.\r\n\r\nBug Ticket: #146858","sha":"1b4c66101b02dd4c01582a0e7b684eb5b499101a","branchLabelMapping":{"^v8.7.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:fix","Team: SecuritySolution","Team:Detection Rules","Team:Detection Alerts","backport:prev-minor","ci:cloud-deploy","v8.7.0"],"number":146904,"url":"https://github.com/elastic/kibana/pull/146904","mergeCommit":{"message":"[Security Solution] Failed to Fetch Rules and Timeline in Preview Flyout (#146904)\n\n## Summary\r\n\r\nThese changes fixes the issue with the unexpected \"Failed to Fetch Rule\"\r\nerror toast that appears when user opens the alert details from the Rule\r\nPreview page.\r\n\r\nThe issue was introduced by [recent\r\nrefactoring](#142950) where we\r\nswitched from the optional toast to showing error toast always when it\r\nis not possible to fetch the rule (see `useRuleWithFallback` hook). In\r\ncase of Rule Preview the rule does not exist and thus server returns 404\r\n(not found) error. In case of Rule Preview we would like to ignore this\r\nerror and build the rule from the alert.\r\n\r\nBug Ticket: #146858","sha":"1b4c66101b02dd4c01582a0e7b684eb5b499101a"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v8.7.0","labelRegex":"^v8.7.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/146904","number":146904,"mergeCommit":{"message":"[Security Solution] Failed to Fetch Rules and Timeline in Preview Flyout (#146904)\n\n## Summary\r\n\r\nThese changes fixes the issue with the unexpected \"Failed to Fetch Rule\"\r\nerror toast that appears when user opens the alert details from the Rule\r\nPreview page.\r\n\r\nThe issue was introduced by [recent\r\nrefactoring](#142950) where we\r\nswitched from the optional toast to showing error toast always when it\r\nis not possible to fetch the rule (see `useRuleWithFallback` hook). In\r\ncase of Rule Preview the rule does not exist and thus server returns 404\r\n(not found) error. In case of Rule Preview we would like to ignore this\r\nerror and build the rule from the alert.\r\n\r\nBug Ticket: #146858","sha":"1b4c66101b02dd4c01582a0e7b684eb5b499101a"}}]}] BACKPORT--> Co-authored-by: Ievgen Sorokopud <[email protected]>
Partially addresses: #138600, #92169, #138606
Addresses: #136957, #136962, #138614
Summary
In this PR we are:
detection_engine, and we moved some (not all) code into them. More on that is below. New subdomains introduced:fleet_integrationsprebuilt_rulesrule_actions_legacyrule_exceptionsrule_managementrule_previewrule_schemarule_creation_uirule_details_uirule_management_uirule_exceptions_uiRestructuring folders into subdomains
For the background and problem statement, please refer to #138600
We were focusing on code that is closely related to the Rules area: either owned by us de facto (we work on it) or owned by us de jure (according to the CODEOWNERS file). Or goal was to explicitly extract code that we don't own de facto into separate subdomains, transfer ownership to other area teams, and reflect this in the CODEOWNERS file. On the other hand, we wanted the code that we own to also be organized in clear subdomains that we could easily own via CODEOWNERS. We didn't touch the code that is already explicitly owned by other area teams, e.g.
x-pack/plugins/security_solution/server/lib/detection_engine/rule_types.This is a draft "domain map" - an architectural diagram that shows how the Detection Engine could be split into subdomains. It's more a TO-BE idea/aspiration rather than an AS-IS statement. Any feedback, critiques, and suggestions would be extremely appreciated!
It shows the flow of dependencies between subdomains and proposes some rules:
Dashed lines show some existing dependencies that we think should be eliminated.
Ownership TO-BE is color-coded. We updated the CODEOWNERS file according to the new folders.
The folder restructuring is not 100% finished but we did a big part of it. Most of the FE code continues to live in legacy folders, e.g. see
x-pack/plugins/security_solution/public/detections. So this work is to be continued...Refactoring of Rule Management FE
useQueryanduseMutationhooks fromreact-query. That allowed us to introduce the following improvements to our codebase:useRulecould be used on any level in the component tree to access response data directly. So, no need to put the hook on the top level anymore and use prop-drilling to make the response data available to all children components that require it.security_solution/public/detection_engine/rule_management/api/hookscontains abstraction layer on top of the Kibana's HTTP client. All data fetching should happen exclusively through that layer to ensure that:security_solution/public/detection_engine/rule_management/logic.Checklist