[Security Solution][Notes] - fix incorrect get_notes api for documentIds and savedObjectIds query parameters and adding api integration tests #196225
Conversation
PhilippeOberti
added
backport
release_note:skip
|
Pinging @elastic/security-threat-hunting-investigations (Team:Threat Hunting:Investigations) |
| const filter = queryParams?.filter; | ||
| const options = { | ||
|
|
||
| // searching for all the notes associated with a specific for saved object id |
There was a problem hiding this comment.
| // searching for all the notes associated with a specific for saved object id | |
| // searching for all the notes associated with a specific saved object id |
There was a problem hiding this comment.
fixed in this commit
| .patch(NOTE_URL) | ||
| .set('kbn-xsrf', 'true') | ||
| .send({ | ||
| note: { |
There was a problem hiding this comment.
💅 You could use the actual request body types here and in the cases below, so that it will be easier to refactor these tests once we are changing the request body types.
There was a problem hiding this comment.
good point, fixed here
| // TODO should add more tests for the filter query parameter (I don't know how it's supposed to work) | ||
|
|
||
| // TODO should add more tests for the MAX_UNASSOCIATED_NOTES advanced settings values | ||
| }); |
There was a problem hiding this comment.
Do you still want to do this before this PR is merged?
There was a problem hiding this comment.
no, there are some unknowns on my side, I just added these todos when we revisit the api, probably around 9.0
…Ids and savedObjectIds query parameters and adding api integration tests
PhilippeOberti
force-pushed
the
notes-api-tests
branch
from
6b89eb7 to
fcd19df
Compare
thanks! I actually made some changes like wrapping the creation of the notes by |
| }, | ||
| updatedBy: note.user || 'elastic', | ||
| note: note.text, | ||
| } as BareNote, |
There was a problem hiding this comment.
This should probably be PersistNoteRouteRequestBody
There was a problem hiding this comment.
that makes sense, if that's ok I made the change in this other PR (here) that way it saves some CI time as this PR is nearly done... ?
|
Starting backport for target branches: 8.x |
💚 Build Succeeded
Metrics [docs]
History
|
…Ids and savedObjectIds query parameters and adding api integration tests (elastic#196225) (cherry picked from commit 0764261)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
…cumentIds and savedObjectIds query parameters and adding api integration tests (#196225) (#196394) # Backport This will backport the following commits from `main` to `8.x`: - [[Security Solution][Notes] - fix incorrect get_notes api for documentIds and savedObjectIds query parameters and adding api integration tests (#196225)](#196225) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Philippe Oberti","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-10-15T17:09:22Z","message":"[Security Solution][Notes] - fix incorrect get_notes api for documentIds and savedObjectIds query parameters and adding api integration tests (#196225)","sha":"07642611899034fd4d9ab8362b6303405871c055","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["backport","release_note:skip","v9.0.0","Team:Threat Hunting:Investigations","v8.16.0"],"title":"[Security Solution][Notes] - fix incorrect get_notes api for documentIds and savedObjectIds query parameters and adding api integration tests","number":196225,"url":"https://github.com/elastic/kibana/pull/196225","mergeCommit":{"message":"[Security Solution][Notes] - fix incorrect get_notes api for documentIds and savedObjectIds query parameters and adding api integration tests (#196225)","sha":"07642611899034fd4d9ab8362b6303405871c055"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/196225","number":196225,"mergeCommit":{"message":"[Security Solution][Notes] - fix incorrect get_notes api for documentIds and savedObjectIds query parameters and adding api integration tests (#196225)","sha":"07642611899034fd4d9ab8362b6303405871c055"}},{"branch":"8.x","label":"v8.16.0","branchLabelMappingKey":"^v8.16.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Philippe Oberti <[email protected]>
Summary
While working on adding api integration tests for this PR, I realized that the current logic in the
getNotesendpoint is not always correct. Here are the issues:documentIdsby passing one or multipledocumentIdsquery parameters (used for example when the UI wants to retrieve all the notes for all the alerts in the alerts table), we were actually searching for the values of the documentIds in all the fields, instead of just in theeventIdfield. That means that if a user had used the document id value in the note itself (the text part) this value would be returned. The new logic only looks at theeventIdattributes to return only the necessary notes. I did not do and performance comparison, but I would assume that looking at a specific field vs all the fields would be much more efficientsavedObjectIdsquery parameter, where we were searching for the values passed within all the fields of the notes objects, instead of just looking for the references to other saved object idsThis PR fixes the 2 issues above and adds a lot of api integration tests to check the above behavior as well as testing other query parameters (like
sortField,sortOrder,perPage,pageandsearch).Checklist