[EDR Workflows][Serverless] Gate custom note #193171
Conversation
szwarckonrad
added
release_note:skip
| }; | ||
|
|
||
| const generateExpectedPolicyMock = ({ |
There was a problem hiding this comment.
I decided to keep this fragment hardcoded, as any attempts to generate it with iterations resulted in code that, in my opinion, would be difficult to read and hard for anyone to understand.
There was a problem hiding this comment.
In that case, I would urge you to consider adding this info as a comment block so this block stays that way.
|
Pinging @elastic/security-defend-workflows (Team:Defend Workflows) |
szwarckonrad
added
the
ci:project-deploy-security
There was a problem hiding this comment.
Looks good. I left some suggestions for you to consider, esp. with the info text.
From your screenshot, I noticed that the bottom padding/spacing is more than the left/right padding. Is there a way to ensure they are consistent? Perhaps use xs instead of m wherever NotifyUserOption is used. I know this was not something you changed but it's nice to update.
| cy.getByTestSubj(`endpointPolicyForm-${protection}-notifyUser-customMessage`) | ||
| .should('exist') | ||
| .and('be.visible'); |
There was a problem hiding this comment.
For this test and the one above, consider adding a line of comment above each block of assertion for what is visible and what is not. The last assertion here seems like customMessage is visible which I assume is a custom notificaton but the test title contradicts that. It's confusing I think
| 'xpack.securitySolutionServerless.endpointCustomNotification.cardMessage', | ||
| { | ||
| defaultMessage: | ||
| 'To customize the user notification, you must add Endpoint Protection Complete to your project.', |
There was a problem hiding this comment.
I'm not sure if this info text is enough to inform the user what they need to do. Maybe you want to check with @caitlinbetz. I would go with something like To enable customized user notifications, you must add Endpoint Complete to your project. I don't see Endpoint Protection Complete anywhere else in the codebase for such info.
There was a problem hiding this comment.
Talked with @caitlinbetz offline, we've decided to keep the naming consistent - https://github.com/elastic/security-team/issues/9762#issuecomment-2377746522
There was a problem hiding this comment.
In that case, we should update the other upsell info message that we currently have about modifying protection updates that says To modify protection updates, you must add at least Endpoint Complete to your project.
Also consider this concise info-text instead To customize user notifications, you must add Endpoint Protection Complete to your project.
| ) { | ||
| const productFeatureError: Error & { statusCode?: number; apiPassThrough?: boolean } = | ||
| new Error( | ||
| 'To modify protection updates, you must add at least Endpoint Complete to your project.' | ||
| 'To customize the user notification, you must add Endpoint Protection Complete to your project.' |
There was a problem hiding this comment.
Same about the info text update here
There was a problem hiding this comment.
Talked with @caitlinbetz offline, we've decided to keep the naming consistent - https://github.com/elastic/security-team/issues/9762#issuecomment-2377746522
| }; | ||
|
|
||
| const generateExpectedPolicyMock = ({ |
There was a problem hiding this comment.
In that case, I would urge you to consider adding this info as a comment block so this block stays that way.
| cy.getByTestSubj(`endpointPolicyForm-${protection}-enableDisableSwitch`).click(); | ||
| [ | ||
| 'endpointPolicy-customNotificationLockedCard-title', | ||
| 'endpointPolicy-customNotificationLockedCard', | ||
| 'endpointPolicy-customNotificationLockedCard-badge', | ||
| ].forEach((testSubj) => { | ||
| cy.getByTestSubj(testSubj, { timeout: 60000 }).should('exist').and('be.visible'); | ||
| }); | ||
| cy.getByTestSubj(`endpointPolicyForm-${protection}-notifyUser-customMessage`).should( | ||
| 'not.exist' | ||
| ); |
There was a problem hiding this comment.
Same for this test. Please add some comments to explain what the assertions are
| <h4>{NOTIFICATION_MESSAGE_LABEL}</h4> | ||
| </EuiText> | ||
| <EuiSpacer size="xs" /> | ||
| <>{userNotificationMessage || getEmptyValue()}</> |
There was a problem hiding this comment.
Q: Does emptyValue() (-) ever get rendered? from the types looks like userNotificationMessage is always present.
There was a problem hiding this comment.
I believe that userNotificationMessage can be an empty string, which works fine when displaying it in the input box. However, in view-only mode, we want to indicate graphically that there is no notification message by displaying -.
There was a problem hiding this comment.
Yeah, but I don't see the - in the view only mode. I still see an empty textarea. 😕 I'll test again.
There was a problem hiding this comment.
User with full access:
User with read only access:
Seems like empty string is being replaced with the default message here -
I didn’t feel comfortable enough removing the || getEmptyValue(), so I decided to leave it in 😉
There was a problem hiding this comment.
Yeah, this is updating it to the Elastic Security {action} {filename} text. Which I think should be updated to Elastic Endpoint {action} {filename} if at all that is the behavior we need. Maybe @paul-tavares @dasansol92 know something about this logic?
There was a problem hiding this comment.
I’m planning to gather all the improvement suggestions from this PR and consolidate them into a single issue for further discussion. What do you think?
| return <CustomNotificationUpsellingComponent />; | ||
| } | ||
|
|
||
| if (!isEditMode) { |
There was a problem hiding this comment.
Does this ever render? I tested it out and looks like it is valid pre-render so - never shows on the screen.
There was a problem hiding this comment.
It renders for users who do not have RBAC access to edit custom messages.
# Conflicts: # x-pack/plugins/security_solution/server/endpoint/migrations/turn_off_policy_protections.test.ts # x-pack/plugins/security_solution/server/endpoint/migrations/turn_off_policy_protections.ts
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]Module Count
Async chunks
Page load bundle
History
To update your PR or re-run it, just comment with: |
|
Starting backport for target branches: 8.x |
This PR implements tier-based gating for custom notification messages in Protections. Only users on the Endpoint Complete tier will have the ability to modify these messages, while users on the Endpoint Essentials tier will no longer have this capability. If a user on the Essentials tier had made any changes to custom notifications before this update, those messages will be reset to the default ones. The changes are applied in three areas: 1. UI - An upsell banner is displayed for Essentials users. 2. API - We now prevent API calls that attempt to set or modify custom notification messages for Essentials users. 3. Policy Watcher - Upon Kibana startup (e.g., after a downgrade), we validate all policies for tier compliance. If a policy contains a custom notification message and the user is on the Essentials tier, the message will be reset to the default.     --------- Co-authored-by: kibanamachine <[email protected]> (cherry picked from commit af1dc87)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
# Backport This will backport the following commits from `main` to `8.x`: - [[EDR Workflows][Serverless] Gate custom note (#193171)](#193171) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Konrad Szwarc","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-10-01T13:20:27Z","message":"[EDR Workflows][Serverless] Gate custom note (#193171)\n\nThis PR implements tier-based gating for custom notification messages in\r\nProtections. Only users on the Endpoint Complete tier will have the\r\nability to modify these messages, while users on the Endpoint Essentials\r\ntier will no longer have this capability. If a user on the Essentials\r\ntier had made any changes to custom notifications before this update,\r\nthose messages will be reset to the default ones.\r\n\r\nThe changes are applied in three areas:\r\n1. UI - An upsell banner is displayed for Essentials users.\r\n2. API - We now prevent API calls that attempt to set or modify custom\r\nnotification messages for Essentials users.\r\n3. Policy Watcher - Upon Kibana startup (e.g., after a downgrade), we\r\nvalidate all policies for tier compliance. If a policy contains a custom\r\nnotification message and the user is on the Essentials tier, the message\r\nwill be reset to the default.\r\n\r\n\r\n\r\n\r\n\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine <[email protected]>","sha":"af1dc871eb020a885278df280a6f830bc1179d56","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Defend Workflows","ci:project-deploy-security","v8.16.0","backport:version"],"title":"[EDR Workflows][Serverless] Gate custom note","number":193171,"url":"https://github.com/elastic/kibana/pull/193171","mergeCommit":{"message":"[EDR Workflows][Serverless] Gate custom note (#193171)\n\nThis PR implements tier-based gating for custom notification messages in\r\nProtections. Only users on the Endpoint Complete tier will have the\r\nability to modify these messages, while users on the Endpoint Essentials\r\ntier will no longer have this capability. If a user on the Essentials\r\ntier had made any changes to custom notifications before this update,\r\nthose messages will be reset to the default ones.\r\n\r\nThe changes are applied in three areas:\r\n1. UI - An upsell banner is displayed for Essentials users.\r\n2. API - We now prevent API calls that attempt to set or modify custom\r\nnotification messages for Essentials users.\r\n3. Policy Watcher - Upon Kibana startup (e.g., after a downgrade), we\r\nvalidate all policies for tier compliance. If a policy contains a custom\r\nnotification message and the user is on the Essentials tier, the message\r\nwill be reset to the default.\r\n\r\n\r\n\r\n\r\n\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine <[email protected]>","sha":"af1dc871eb020a885278df280a6f830bc1179d56"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/193171","number":193171,"mergeCommit":{"message":"[EDR Workflows][Serverless] Gate custom note (#193171)\n\nThis PR implements tier-based gating for custom notification messages in\r\nProtections. Only users on the Endpoint Complete tier will have the\r\nability to modify these messages, while users on the Endpoint Essentials\r\ntier will no longer have this capability. If a user on the Essentials\r\ntier had made any changes to custom notifications before this update,\r\nthose messages will be reset to the default ones.\r\n\r\nThe changes are applied in three areas:\r\n1. UI - An upsell banner is displayed for Essentials users.\r\n2. API - We now prevent API calls that attempt to set or modify custom\r\nnotification messages for Essentials users.\r\n3. Policy Watcher - Upon Kibana startup (e.g., after a downgrade), we\r\nvalidate all policies for tier compliance. If a policy contains a custom\r\nnotification message and the user is on the Essentials tier, the message\r\nwill be reset to the default.\r\n\r\n\r\n\r\n\r\n\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine <[email protected]>","sha":"af1dc871eb020a885278df280a6f830bc1179d56"}},{"branch":"8.x","label":"v8.16.0","branchLabelMappingKey":"^v8.16.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Konrad Szwarc <[email protected]>
This PR implements tier-based gating for custom notification messages in Protections. Only users on the Endpoint Complete tier will have the ability to modify these messages, while users on the Endpoint Essentials tier will no longer have this capability. If a user on the Essentials tier had made any changes to custom notifications before this update, those messages will be reset to the default ones.
The changes are applied in three areas: