[Security Solution] Editing rules independently of source data (#180407)

x-pack/plugins/security_solution/public/common/hooks/eql/api.ts

@@ -36,17 +36,25 @@ interface Params {
   options: Omit<EqlOptionsSelected, 'query' | 'size'> | undefined;
 }
 
+export interface EqlResponseError {
+  code: EQL_ERROR_CODES;
+  messages?: string[];
+  error?: Error;
+}
+
+export interface ValidateEqlResponse {
+  valid: boolean;
+  error?: EqlResponseError;
+}
+
 export const validateEql = async ({
   data,
   dataViewTitle,
   query,
   signal,
   runtimeMappings,
   options,
-}: Params): Promise<{
-  valid: boolean;
-  error?: { code: EQL_ERROR_CODES; messages?: string[]; error?: Error };
-}> => {
+}: Params): Promise<ValidateEqlResponse> => {
   try {
     const { rawResponse: response } = await firstValueFrom(
       data.search.search<EqlSearchStrategyRequest, EqlSearchStrategyResponse>(

x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/eql_query_bar/validators.ts

@@ -12,6 +12,7 @@ import { isEqlRule } from '../../../../../common/detection_engine/utils';
 import { KibanaServices } from '../../../../common/lib/kibana';
 import type { DefineStepRule } from '../../../../detections/pages/detection_engine/rules/types';
 import { DataSourceType } from '../../../../detections/pages/detection_engine/rules/types';
+import type { EqlResponseError } from '../../../../common/hooks/eql/api';
 import { validateEql, EQL_ERROR_CODES } from '../../../../common/hooks/eql/api';
 import type { FieldValueQueryBar } from '../query_bar';
 import * as i18n from './translations';
@@ -47,6 +48,23 @@ export const debounceAsync = <Args extends unknown[], Result extends Promise<unk
   };
 };
 
+export const transformEqlResponseErrorToValidationError = (
+  responseError: EqlResponseError
+): ValidationError<EQL_ERROR_CODES> => {
+  if (responseError.error) {
+    return {
+      code: EQL_ERROR_CODES.FAILED_REQUEST,
+      message: i18n.EQL_VALIDATION_REQUEST_ERROR,
+      error: responseError.error,
+    };
+  }
+  return {
+    code: responseError.code,
+    message: '',
+    messages: responseError.messages,
+  };
+};
+
 export const eqlValidator = async (
   ...args: Parameters<ValidationFunc>
 ): Promise<ValidationError<EQL_ERROR_CODES> | void | undefined> => {
@@ -86,13 +104,8 @@ export const eqlValidator = async (
       options: eqlOptions,
     });
 
-    if (response?.valid === false) {
-      return {
-        code: response.error?.code,
-        message: '',
-        messages: response.error?.messages,
-        error: response.error?.error,
-      };
+    if (response?.valid === false && response.error) {
+      return transformEqlResponseErrorToValidationError(response.error);
     }
   } catch (error) {
     return {

x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/save_with_errors_confirmation/index.tsx

@@ -0,0 +1,41 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import React from 'react';
+
+import { EuiConfirmModal } from '@elastic/eui';
+
+import * as i18n from './translations';
+
+interface SaveWithErrorsModalProps {
+  errors: string[];
+  onCancel: () => void;
+  onConfirm: () => void;
+}
+
+const SaveWithErrorsModalComponent = ({
+  errors,
+  onCancel,
+  onConfirm,
+}: SaveWithErrorsModalProps) => {
+  return (
+    <EuiConfirmModal
+      data-test-subj="save-with-errors-confirmation-modal"
+      title={i18n.SAVE_WITH_ERRORS_MODAL_TITLE}
+      onCancel={onCancel}
+      onConfirm={onConfirm}
+      cancelButtonText={i18n.SAVE_WITH_ERRORS_CANCEL_BUTTON}
+      confirmButtonText={i18n.SAVE_WITH_ERRORS_CONFIRM_BUTTON}
+      defaultFocusedButton="confirm"
+    >
+      <>{i18n.SAVE_WITH_ERRORS_MODAL_MESSAGE(errors.length)}</>
+    </EuiConfirmModal>
+  );
+};
+
+export const SaveWithErrorsModal = React.memo(SaveWithErrorsModalComponent);
+SaveWithErrorsModal.displayName = 'SaveWithErrorsModal';

x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/save_with_errors_confirmation/translations.ts

@@ -0,0 +1,36 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { i18n } from '@kbn/i18n';
+
+export const SAVE_WITH_ERRORS_MODAL_TITLE = i18n.translate(
+  'xpack.securitySolution.detectionEngine.createRule.saveWithErrorsModalTitle',
+  {
+    defaultMessage: 'This rule has validation errors',
+  }
+);
+
+export const SAVE_WITH_ERRORS_CANCEL_BUTTON = i18n.translate(
+  'xpack.securitySolution.detectionEngine.createRule.saveWithErrorsCancelButton',
+  {
+    defaultMessage: 'Cancel',
+  }
+);
+
+export const SAVE_WITH_ERRORS_CONFIRM_BUTTON = i18n.translate(
+  'xpack.securitySolution.detectionEngine.createRule.saveWithErrorsConfirmButton',
+  {
+    defaultMessage: 'Confirm',
+  }
+);
+
+export const SAVE_WITH_ERRORS_MODAL_MESSAGE = (errorsCount: number) =>
+  i18n.translate('xpack.securitySolution.detectionEngine.createRule.saveWithErrorsModalMessage', {
+    defaultMessage:
+      'This rule has {errorsCount} validation {errorsCount, plural, one {error} other {errors}} which can lead to failed rule executions, save anyway?',
+    values: { errorsCount },
+  });