-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Cloud Security] Fixed failing FTR #199683
Conversation
start: moment(timestamp).subtract(30, 'minutes').toISOString(), | ||
end: moment(timestamp).add(30, 'minutes').toISOString(), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What happens if timestamp
is null
? In lines 37-38, start
and end
will be set to null
.
Should we default to something like i.e. 'now-30m/m'
and 'now+30m/m'
or is it safe to leave them as null
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great question. This component is not rendered if the timestamp is missing. The same is true when eventIds is undefined.
These checks happen on the parent component. This design is not ideal. I hope to find a better flow and refactor it. I'm also open to ideas.
and I'll run a jest UT to check what happens when timestamp is null; i'm curious myself
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@albertoblaz to answer your question, when timestamp
is null, moment(null)
returns null. Which will cause an error.
I fixed that with a default value of undefined
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should a new unit test be added to check that?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Having to think about the side effect of moment(undefined)
leading to the current Timestamp, seems to add to me some cognitive load that I would like to avoid it possible, i.e instead of falling back to undefined we can explicitly fallback to the current date object.
Also, I liked @albertoblaz suggestion of using Elasticsearch relatives start/end, so I guess we could combine both suggestions in this way for ex:
const timestamp = getField(getFieldsData('@timestamp')) ?? new Date().toISOString();
const { isLoading, isError, data } = useFetchGraphData({
req: {
query: {
eventIds,
start: `${timestamp}||-30m`,
end: `${timestamp}||+30m`,
},
},
options: {
refetchOnWindowFocus: false,
},
});
This way we can even remove moment
as well
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also as @PhilippeOberti pointed out, some unit tests to check how useFetchGraphData
is called based on the getFieldsData
would be important
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @opauloh , @PhilippeOberti !
I enhanced the assertions of the current UT and changed the logic to use date math
I believe it is more robust now
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
approving as the code LGTM, but I feel like unit tests should be improved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I know this wasn't introduced by this PR specifically, but I just realized that these test only check the isAuditLog
values, instead of checking everything that the useGraphPreview
returns (timestamp
, eventIds
, actorIds
, action
and isAuditLog
).
I feel like it would be better to verify all the values.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
as an example, you made a change to the hook by adding a new timestamp
property returned, but none of these test verify that this property exists or what its value should be...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
good point @PhilippeOberti , I added assertion for the other values
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
Starting backport for target branches: 8.x |
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]Async chunks
History
|
💔 All backports failed
Manual backportTo create the backport manually run:
Questions ?Please refer to the Backport tool documentation |
Starting backport for target branches: 8.x |
💔 All backports failed
Manual backportTo create the backport manually run:
Questions ?Please refer to the Backport tool documentation |
Friendly reminder: Looks like this PR hasn’t been backported yet. |
Friendly reminder: Looks like this PR hasn’t been backported yet. |
Friendly reminder: Looks like this PR hasn’t been backported yet. |
## Summary fixes: elastic#198632 FTR failed due to the usage of relative start and end when querying for the graph. Together with @tinnytintin10 we decided it is safe to assume the time to query would be 30 minutes before and after the alert. **Some enhancements and fixes:** - Disabled re-fetch /graph API when window focus returned ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
## Summary fixes: elastic#198632 FTR failed due to the usage of relative start and end when querying for the graph. Together with @tinnytintin10 we decided it is safe to assume the time to query would be 30 minutes before and after the alert. **Some enhancements and fixes:** - Disabled re-fetch /graph API when window focus returned ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed (cherry picked from commit 5add2c8) # Conflicts: # x-pack/test/cloud_security_posture_functional/pages/alerts_flyout.ts
## Summary fixes: elastic#198632 FTR failed due to the usage of relative start and end when querying for the graph. Together with @tinnytintin10 we decided it is safe to assume the time to query would be 30 minutes before and after the alert. **Some enhancements and fixes:** - Disabled re-fetch /graph API when window focus returned ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed
# Backport This will backport the following commits from `main` to `8.x`: - [[Cloud Security] Fixed failing FTR (#199683)](#199683) <!--- Backport version: 8.9.8 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Kfir Peled","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-11-13T01:43:58Z","message":"[Cloud Security] Fixed failing FTR (#199683)\n\n## Summary\r\n\r\nfixes: https://github.com/elastic/kibana/issues/198632\r\n\r\nFTR failed due to the usage of relative start and end when querying for\r\nthe graph.\r\n\r\nTogether with @tinnytintin10 we decided it is safe to assume the time to\r\nquery would be 30 minutes before and after the alert.\r\n\r\n**Some enhancements and fixes:**\r\n- Disabled re-fetch /graph API when window focus returned\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [ ] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed","sha":"5add2c82db7d26b96b66e078606fbdc428fefc28","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","backport missing","v9.0.0","backport:prev-minor"],"number":199683,"url":"https://github.com/elastic/kibana/pull/199683","mergeCommit":{"message":"[Cloud Security] Fixed failing FTR (#199683)\n\n## Summary\r\n\r\nfixes: https://github.com/elastic/kibana/issues/198632\r\n\r\nFTR failed due to the usage of relative start and end when querying for\r\nthe graph.\r\n\r\nTogether with @tinnytintin10 we decided it is safe to assume the time to\r\nquery would be 30 minutes before and after the alert.\r\n\r\n**Some enhancements and fixes:**\r\n- Disabled re-fetch /graph API when window focus returned\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [ ] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed","sha":"5add2c82db7d26b96b66e078606fbdc428fefc28"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","labelRegex":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/199683","number":199683,"mergeCommit":{"message":"[Cloud Security] Fixed failing FTR (#199683)\n\n## Summary\r\n\r\nfixes: https://github.com/elastic/kibana/issues/198632\r\n\r\nFTR failed due to the usage of relative start and end when querying for\r\nthe graph.\r\n\r\nTogether with @tinnytintin10 we decided it is safe to assume the time to\r\nquery would be 30 minutes before and after the alert.\r\n\r\n**Some enhancements and fixes:**\r\n- Disabled re-fetch /graph API when window focus returned\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [ ] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed","sha":"5add2c82db7d26b96b66e078606fbdc428fefc28"}}]}] BACKPORT-->
Summary
fixes: #198632
FTR failed due to the usage of relative start and end when querying for the graph.
Together with @tinnytintin10 we decided it is safe to assume the time to query would be 30 minutes before and after the alert.
Some enhancements and fixes:
Checklist
Delete any items that are not applicable to this PR.