Refactor

elastic · Jul 18, 2024 · b087bf4 · b087bf4
1 parent 11c7ebc
commit b087bf4
Show file tree

Hide file tree

Showing 8 changed files with 65 additions and 39 deletions.
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/__mocks__/utils.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/__mocks__/utils.ts
@@ -47,6 +47,9 @@ export const getOutputRuleAlertForRest = (): RuleResponse => ({
   from: 'now-6m',
   id: '04128c15-0d1b-4716-a4c5-46997ac7f3bd',
   immutable: false,
+  rule_source: {
+    type: 'internal',
+  },
   index: ['auditbeat-*', 'filebeat-*', 'packetbeat-*', 'winlogbeat-*'],
   interval: '5m',
   risk_score: 50,

diff --git a/...e/rule_management/logic/detection_rules_client/converters/common_params_camel_to_snake.ts b/...e/rule_management/logic/detection_rules_client/converters/common_params_camel_to_snake.ts
@@ -5,9 +5,9 @@
  * 2.0.
  */
 
+import { convertObjectKeysToSnakeCase } from '../../../../../../utils/object_case_converters';
 import type { BaseRuleParams } from '../../../../rule_schema';
 import { migrateLegacyInvestigationFields } from '../../../utils/utils';
-import { normalizeRuleSource } from './normalize_rule_source';
 
 export const commonParamsCamelToSnake = (params: BaseRuleParams) => {
   return {
@@ -39,10 +39,7 @@ export const commonParamsCamelToSnake = (params: BaseRuleParams) => {
     version: params.version,
     exceptions_list: params.exceptionsList,
     immutable: params.immutable,
-    rule_source: normalizeRuleSource({
-      immutable: params.immutable,
-      ruleSource: params.ruleSource,
-    }),
+    rule_source: convertObjectKeysToSnakeCase(params.ruleSource),
     related_integrations: params.relatedIntegrations ?? [],
     required_fields: params.requiredFields ?? [],
     setup: params.setup ?? '',

diff --git a/.../rule_management/logic/detection_rules_client/converters/internal_rule_to_api_response.ts b/.../rule_management/logic/detection_rules_client/converters/internal_rule_to_api_response.ts
@@ -17,6 +17,7 @@ import {
 } from '../../../normalization/rule_actions';
 import { typeSpecificCamelToSnake } from './type_specific_camel_to_snake';
 import { commonParamsCamelToSnake } from './common_params_camel_to_snake';
+import { normalizeRuleParams } from './normalize_rule_params';
 
 export const internalRuleToAPIResponse = (
   rule: SanitizedRule<RuleParams> | ResolvedSanitizedRule<RuleParams>
@@ -31,6 +32,7 @@ export const internalRuleToAPIResponse = (
   const alertActions = rule.actions.map(transformAlertToRuleAction);
   const throttle = transformFromAlertThrottle(rule);
   const actions = transformToActionFrequency(alertActions, throttle);
+  const normalizedRuleParams = normalizeRuleParams(rule.params);
 
   return {
     // saved object properties
@@ -49,7 +51,7 @@ export const internalRuleToAPIResponse = (
     enabled: rule.enabled,
     revision: rule.revision,
     // Security solution shared rule params
-    ...commonParamsCamelToSnake(rule.params),
+    ...commonParamsCamelToSnake(normalizedRuleParams),
     // Type specific security solution rule params
     ...typeSpecificCamelToSnake(rule.params),
     // Actions

diff --git a/.../converters/normalize_rule_source.test.ts → .../converters/normalize_rule_params.test.ts b/.../converters/normalize_rule_source.test.ts → .../converters/normalize_rule_params.test.ts
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import { normalizeRuleSource } from './normalize_rule_source';
+import { normalizeRuleSource } from './normalize_rule_params';
 import type { BaseRuleParams } from '../../../../rule_schema';
 
 describe('normalizeRuleSource', () => {

diff --git a/...n_engine/rule_management/logic/detection_rules_client/converters/normalize_rule_params.ts b/...n_engine/rule_management/logic/detection_rules_client/converters/normalize_rule_params.ts
@@ -0,0 +1,47 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import type { BaseRuleParams, RuleSourceCamelCased } from '../../../../rule_schema';
+
+interface NormalizeRuleSourceParams {
+  immutable: BaseRuleParams['immutable'];
+  ruleSource: BaseRuleParams['ruleSource'];
+}
+
+/*
+ * Since there's no mechanism to migrate all rules at the same time,
+ * we cannot guarantee that the ruleSource params is present in all rules.
+ * This function will normalize the ruleSource param, creating it if does
+ * not exist in ES, based on the immutable param.
+ */
+export const normalizeRuleSource = ({
+  immutable,
+  ruleSource,
+}: NormalizeRuleSourceParams): RuleSourceCamelCased => {
+  if (!ruleSource) {
+    const normalizedRuleSource: RuleSourceCamelCased = immutable
+      ? {
+          type: 'external',
+          isCustomized: false,
+        }
+      : {
+          type: 'internal',
+        };
+
+    return normalizedRuleSource;
+  }
+  return ruleSource;
+};
+
+export const normalizeRuleParams = (params: BaseRuleParams) => {
+  return {
+    ...params,
+    ruleSource: normalizeRuleSource({
+      immutable: params.immutable,
+      ruleSource: params.ruleSource,
+    }),
+  };
+};
diff --git a/...n_engine/rule_management/logic/detection_rules_client/converters/normalize_rule_source.ts b/...n_engine/rule_management/logic/detection_rules_client/converters/normalize_rule_source.ts
diff --git a/..._solution/server/lib/detection_engine/rule_management/logic/export/get_export_all.test.ts b/..._solution/server/lib/detection_engine/rule_management/logic/export/get_export_all.test.ts
@@ -100,6 +100,9 @@ describe('getExportAll', () => {
       from: 'now-6m',
       id: '04128c15-0d1b-4716-a4c5-46997ac7f3bd',
       immutable: false,
+      rule_source: {
+        type: 'internal',
+      },
       index: ['auditbeat-*', 'filebeat-*', 'packetbeat-*', 'winlogbeat-*'],
       interval: '5m',
       rule_id: 'rule-1',
@@ -280,6 +283,9 @@ describe('getExportAll', () => {
       from: 'now-6m',
       id: '04128c15-0d1b-4716-a4c5-46997ac7f3bd',
       immutable: false,
+      rule_source: {
+        type: 'internal',
+      },
       index: ['auditbeat-*', 'filebeat-*', 'packetbeat-*', 'winlogbeat-*'],
       interval: '5m',
       rule_id: 'rule-1',

diff --git a/...gins/security_solution/server/lib/detection_engine/rule_schema/model/rule_schemas.mock.ts b/...gins/security_solution/server/lib/detection_engine/rule_schema/model/rule_schemas.mock.ts
@@ -32,6 +32,9 @@ export const getBaseRuleParams = (): BaseRuleParams => {
     description: 'Detecting root and admin users',
     falsePositives: [],
     immutable: false,
+    ruleSource: {
+      type: 'internal',
+    },
     from: 'now-6m',
     to: 'now',
     severity: 'high',