Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Cloud Security] Fixed failing FTR #199683

Merged
merged 9 commits into from
Nov 13, 2024

Conversation

kfirpeled
Copy link
Contributor

@kfirpeled kfirpeled commented Nov 11, 2024

Summary

fixes: #198632

FTR failed due to the usage of relative start and end when querying for the graph.

Together with @tinnytintin10 we decided it is safe to assume the time to query would be 30 minutes before and after the alert.

Some enhancements and fixes:

  • Disabled re-fetch /graph API when window focus returned

Checklist

Delete any items that are not applicable to this PR.

@kfirpeled kfirpeled added release_note:skip Skip the PR/issue when compiling release notes backport:prev-minor Backport to (8.x) the previous minor version (i.e. one version back from main) labels Nov 11, 2024
@kfirpeled kfirpeled requested review from a team as code owners November 11, 2024 18:17
@kfirpeled kfirpeled changed the title Fixed failing FTR [Cloud Security] Fixed failing FTR Nov 11, 2024
Comment on lines 37 to 38
start: moment(timestamp).subtract(30, 'minutes').toISOString(),
end: moment(timestamp).add(30, 'minutes').toISOString(),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What happens if timestamp is null? In lines 37-38, start and end will be set to null.

Should we default to something like i.e. 'now-30m/m' and 'now+30m/m' or is it safe to leave them as null?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great question. This component is not rendered if the timestamp is missing. The same is true when eventIds is undefined.

These checks happen on the parent component. This design is not ideal. I hope to find a better flow and refactor it. I'm also open to ideas.

and I'll run a jest UT to check what happens when timestamp is null; i'm curious myself

Copy link
Contributor Author

@kfirpeled kfirpeled Nov 12, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@albertoblaz to answer your question, when timestamp is null, moment(null) returns null. Which will cause an error.

I fixed that with a default value of undefined

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should a new unit test be added to check that?

Copy link
Contributor

@opauloh opauloh Nov 12, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Having to think about the side effect of moment(undefined) leading to the current Timestamp, seems to add to me some cognitive load that I would like to avoid it possible, i.e instead of falling back to undefined we can explicitly fallback to the current date object.

Also, I liked @albertoblaz suggestion of using Elasticsearch relatives start/end, so I guess we could combine both suggestions in this way for ex:

  const timestamp = getField(getFieldsData('@timestamp')) ?? new Date().toISOString();

  const { isLoading, isError, data } = useFetchGraphData({
    req: {
      query: {
        eventIds,
        start: `${timestamp}||-30m`,
        end: `${timestamp}||+30m`,
      },
    },
    options: {
      refetchOnWindowFocus: false,
    },
  });

This way we can even remove moment as well

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also as @PhilippeOberti pointed out, some unit tests to check how useFetchGraphData is called based on the getFieldsData would be important

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @opauloh , @PhilippeOberti !
I enhanced the assertions of the current UT and changed the logic to use date math
I believe it is more robust now

Copy link
Contributor

@PhilippeOberti PhilippeOberti left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

approving as the code LGTM, but I feel like unit tests should be improved

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I know this wasn't introduced by this PR specifically, but I just realized that these test only check the isAuditLog values, instead of checking everything that the useGraphPreview returns (timestamp, eventIds, actorIds, action and isAuditLog).
I feel like it would be better to verify all the values.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

as an example, you made a change to the hook by adding a new timestamp property returned, but none of these test verify that this property exists or what its value should be...

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

good point @PhilippeOberti , I added assertion for the other values

@kfirpeled kfirpeled requested a review from opauloh November 12, 2024 22:57
@kfirpeled kfirpeled enabled auto-merge (squash) November 12, 2024 23:53
Copy link
Contributor

@opauloh opauloh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@kfirpeled kfirpeled merged commit 5add2c8 into elastic:main Nov 13, 2024
44 checks passed
@kibanamachine
Copy link
Contributor

Starting backport for target branches: 8.x

https://github.com/elastic/kibana/actions/runs/11809024912

@elasticmachine
Copy link
Contributor

💛 Build succeeded, but was flaky

Failed CI Steps

Test Failures

  • [job] [logs] x-pack/test/alerting_api_integration/security_and_spaces/group1/config.ts / alerting api integration security and spaces enabled Alerts - Group 1 alerts backfill rule runs schedule backfill space_1_all_alerts_none_actions at space1 should handle scheduling multiple backfill job requests for a single rule appropriately

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
securitySolution 13.4MB 13.4MB +304.0B

History

@kibanamachine
Copy link
Contributor

💔 All backports failed

Status Branch Result
8.x Backport failed because of merge conflicts

You might need to backport the following PRs to 8.x:
- [Cloud Security] Added popover support for graph component (#199053)

Manual backport

To create the backport manually run:

node scripts/backport --pr 199683

Questions ?

Please refer to the Backport tool documentation

@kibanamachine
Copy link
Contributor

Starting backport for target branches: 8.x

https://github.com/elastic/kibana/actions/runs/11809024912

@kibanamachine
Copy link
Contributor

💔 All backports failed

Status Branch Result
8.x Backport failed because of merge conflicts

Manual backport

To create the backport manually run:

node scripts/backport --pr 199683

Questions ?

Please refer to the Backport tool documentation

@kibanamachine
Copy link
Contributor

Friendly reminder: Looks like this PR hasn’t been backported yet.
To create automatically backports add a backport:* label or prevent reminders by adding the backport:skip label.
You can also create backports manually by running node scripts/backport --pr 199683 locally

@kibanamachine kibanamachine added the backport missing Added to PRs automatically when the are determined to be missing a backport. label Nov 14, 2024
@kibanamachine
Copy link
Contributor

Friendly reminder: Looks like this PR hasn’t been backported yet.
To create automatically backports add a backport:* label or prevent reminders by adding the backport:skip label.
You can also create backports manually by running node scripts/backport --pr 199683 locally

@kibanamachine
Copy link
Contributor

Friendly reminder: Looks like this PR hasn’t been backported yet.
To create automatically backports add a backport:* label or prevent reminders by adding the backport:skip label.
You can also create backports manually by running node scripts/backport --pr 199683 locally

CAWilson94 pushed a commit to CAWilson94/kibana that referenced this pull request Nov 18, 2024
## Summary

fixes: elastic#198632

FTR failed due to the usage of relative start and end when querying for
the graph.

Together with @tinnytintin10 we decided it is safe to assume the time to
query would be 30 minutes before and after the alert.

**Some enhancements and fixes:**
- Disabled re-fetch /graph API when window focus returned

### Checklist

Delete any items that are not applicable to this PR.

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
@kfirpeled
Copy link
Contributor Author

💚 All backports created successfully

Status Branch Result
8.x

Note: Successful backport PRs will be merged automatically after passing CI.

Questions ?

Please refer to the Backport tool documentation

kfirpeled added a commit to kfirpeled/kibana that referenced this pull request Nov 18, 2024
## Summary

fixes: elastic#198632

FTR failed due to the usage of relative start and end when querying for
the graph.

Together with @tinnytintin10 we decided it is safe to assume the time to
query would be 30 minutes before and after the alert.

**Some enhancements and fixes:**
- Disabled re-fetch /graph API when window focus returned

### Checklist

Delete any items that are not applicable to this PR.

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed

(cherry picked from commit 5add2c8)

# Conflicts:
#	x-pack/test/cloud_security_posture_functional/pages/alerts_flyout.ts
CAWilson94 pushed a commit to CAWilson94/kibana that referenced this pull request Nov 18, 2024
## Summary

fixes: elastic#198632

FTR failed due to the usage of relative start and end when querying for
the graph.

Together with @tinnytintin10 we decided it is safe to assume the time to
query would be 30 minutes before and after the alert.

**Some enhancements and fixes:**
- Disabled re-fetch /graph API when window focus returned

### Checklist

Delete any items that are not applicable to this PR.

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
kfirpeled added a commit that referenced this pull request Nov 18, 2024
# Backport

This will backport the following commits from `main` to `8.x`:
- [[Cloud Security] Fixed failing FTR
(#199683)](#199683)

<!--- Backport version: 8.9.8 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Kfir
Peled","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-11-13T01:43:58Z","message":"[Cloud
Security] Fixed failing FTR (#199683)\n\n## Summary\r\n\r\nfixes:
https://github.com/elastic/kibana/issues/198632\r\n\r\nFTR failed due to
the usage of relative start and end when querying for\r\nthe
graph.\r\n\r\nTogether with @tinnytintin10 we decided it is safe to
assume the time to\r\nquery would be 30 minutes before and after the
alert.\r\n\r\n**Some enhancements and fixes:**\r\n- Disabled re-fetch
/graph API when window focus returned\r\n\r\n### Checklist\r\n\r\nDelete
any items that are not applicable to this PR.\r\n\r\n- [x] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common scenarios\r\n- [ ] [Flaky
Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\r\nused on any tests
changed","sha":"5add2c82db7d26b96b66e078606fbdc428fefc28","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","backport
missing","v9.0.0","backport:prev-minor"],"number":199683,"url":"https://github.com/elastic/kibana/pull/199683","mergeCommit":{"message":"[Cloud
Security] Fixed failing FTR (#199683)\n\n## Summary\r\n\r\nfixes:
https://github.com/elastic/kibana/issues/198632\r\n\r\nFTR failed due to
the usage of relative start and end when querying for\r\nthe
graph.\r\n\r\nTogether with @tinnytintin10 we decided it is safe to
assume the time to\r\nquery would be 30 minutes before and after the
alert.\r\n\r\n**Some enhancements and fixes:**\r\n- Disabled re-fetch
/graph API when window focus returned\r\n\r\n### Checklist\r\n\r\nDelete
any items that are not applicable to this PR.\r\n\r\n- [x] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common scenarios\r\n- [ ] [Flaky
Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\r\nused on any tests
changed","sha":"5add2c82db7d26b96b66e078606fbdc428fefc28"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","labelRegex":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/199683","number":199683,"mergeCommit":{"message":"[Cloud
Security] Fixed failing FTR (#199683)\n\n## Summary\r\n\r\nfixes:
https://github.com/elastic/kibana/issues/198632\r\n\r\nFTR failed due to
the usage of relative start and end when querying for\r\nthe
graph.\r\n\r\nTogether with @tinnytintin10 we decided it is safe to
assume the time to\r\nquery would be 30 minutes before and after the
alert.\r\n\r\n**Some enhancements and fixes:**\r\n- Disabled re-fetch
/graph API when window focus returned\r\n\r\n### Checklist\r\n\r\nDelete
any items that are not applicable to this PR.\r\n\r\n- [x] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common scenarios\r\n- [ ] [Flaky
Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\r\nused on any tests
changed","sha":"5add2c82db7d26b96b66e078606fbdc428fefc28"}}]}]
BACKPORT-->
@kibanamachine kibanamachine added v8.17.0 and removed backport missing Added to PRs automatically when the are determined to be missing a backport. labels Nov 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport:prev-minor Backport to (8.x) the previous minor version (i.e. one version back from main) release_note:skip Skip the PR/issue when compiling release notes v8.17.0 v9.0.0
Projects
None yet
7 participants