-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security Solution] Rule type
field diff algorithm
#193369
Conversation
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management) |
Pinging @elastic/security-solution (Team: SecuritySolution) |
@@ -0,0 +1,159 @@ | |||
/* |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we should remove the scenarios which are not possible, since the user cannot edit the rule type, or change the type of the installed rule in any way, not even by API:
Not possible:
- ABA
- ABB
- ABC
Possible:
- AAA
- AAB
- -AA
- -AB
I think the not-possible scenarios shouldn't have test cases here cause it makes it confusing, maybe we can just add it as a comment at the top of this file. What do you think?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A user can change between query
and saved_query
rule types in the UI. Not saying that's a super common use case but it can technically be done. I think that would be enough to keep those other scenarios in here and maybe just update the tests to reflect that instead of eql
? I just used that for mocking simplicity since it'd be testing the same logic under the hood
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@dplumlee You are right about query
and saved_query
, I hadn't realized that.
Then, considering that, and what Paula mentioned in #193372 (comment), I think we should leave the tests cases as they are and add explanations in comments, detailing that such scenarios are only possible for that particular rule change; and other rule type changes should not be possible in the app.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approving but please take a look at my comment of the not possible cases.
…193372) ## Summary Related ticket: #190482 Adds test plan for diff algorithm for `type` field diff algorithm implemented here: #193369 ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
…lastic#193372) ## Summary Related ticket: elastic#190482 Adds test plan for diff algorithm for `type` field diff algorithm implemented here: elastic#193369 ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) (cherry picked from commit fefa59f)
💚 Build Succeeded
Metrics [docs]
History
To update your PR or re-run it, just comment with: cc @dplumlee |
Starting backport for target branches: 8.x |
## Summary Addresses elastic#190482 Adds the diff algorithm implementation for the prebuilt rule `type` field. Returns `target_version` and a `NON_SOLVABLE` conflict for every outcome that changes the field. ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) (cherry picked from commit 18465e7)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
…193369) (#194464) # Backport This will backport the following commits from `main` to `8.x`: - [[Security Solution] Rule `type` field diff algorithm (#193369)](#193369) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Davis Plumlee","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-09-30T17:27:29Z","message":"[Security Solution] Rule `type` field diff algorithm (#193369)\n\n## Summary\r\n\r\nAddresses https://github.com/elastic/kibana/issues/190482\r\n\r\nAdds the diff algorithm implementation for the prebuilt rule `type`\r\nfield. Returns `target_version` and a `NON_SOLVABLE` conflict for every\r\noutcome that changes the field.\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n\r\n\r\n### For maintainers\r\n\r\n- [ ] This was checked for breaking API changes and was [labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"18465e7f7e5d9912e61da68873045f0db984fa2b","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","backport:prev-minor","v8.16.0"],"title":"[Security Solution] Rule `type` field diff algorithm","number":193369,"url":"https://github.com/elastic/kibana/pull/193369","mergeCommit":{"message":"[Security Solution] Rule `type` field diff algorithm (#193369)\n\n## Summary\r\n\r\nAddresses https://github.com/elastic/kibana/issues/190482\r\n\r\nAdds the diff algorithm implementation for the prebuilt rule `type`\r\nfield. Returns `target_version` and a `NON_SOLVABLE` conflict for every\r\noutcome that changes the field.\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n\r\n\r\n### For maintainers\r\n\r\n- [ ] This was checked for breaking API changes and was [labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"18465e7f7e5d9912e61da68873045f0db984fa2b"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/193369","number":193369,"mergeCommit":{"message":"[Security Solution] Rule `type` field diff algorithm (#193369)\n\n## Summary\r\n\r\nAddresses https://github.com/elastic/kibana/issues/190482\r\n\r\nAdds the diff algorithm implementation for the prebuilt rule `type`\r\nfield. Returns `target_version` and a `NON_SOLVABLE` conflict for every\r\noutcome that changes the field.\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n\r\n\r\n### For maintainers\r\n\r\n- [ ] This was checked for breaking API changes and was [labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"18465e7f7e5d9912e61da68873045f0db984fa2b"}},{"branch":"8.x","label":"v8.16.0","branchLabelMappingKey":"^v8.16.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Davis Plumlee <[email protected]> Co-authored-by: Elastic Machine <[email protected]>
…rithms (#193375) ## Summary Completes #190482 Switches rule `type` field to use the implemented diff algorithms assigned to them in #193369 Adds integration tests in accordance to #193372 for the `upgrade/_review` API endpoint for the rule `type` field diff algorithm. Also fixes some nested bracket misalignment that occurred in earlier PRs with some test files ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
…rithms (elastic#193375) ## Summary Completes elastic#190482 Switches rule `type` field to use the implemented diff algorithms assigned to them in elastic#193369 Adds integration tests in accordance to elastic#193372 for the `upgrade/_review` API endpoint for the rule `type` field diff algorithm. Also fixes some nested bracket misalignment that occurred in earlier PRs with some test files ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) (cherry picked from commit e119d83)
Summary
Addresses #190482
Adds the diff algorithm implementation for the prebuilt rule
type
field. Returnstarget_version
and aNON_SOLVABLE
conflict for every outcome that changes the field.Checklist
Delete any items that are not applicable to this PR.
For maintainers