Adds point in time finder methods and functions

packages/kbn-securitysolution-io-ts-list-types/src/common/index.ts

@@ -35,6 +35,7 @@ export * from './list_operator';
 export * from './list_type';
 export * from './lists';
 export * from './lists_default_array';
+export * from './max_size';
 export * from './meta';
 export * from './name';
 export * from './non_empty_entries_array';

packages/kbn-securitysolution-io-ts-list-types/src/common/max_size/index.test.ts

@@ -0,0 +1,59 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+import { exactCheck } from '@kbn/securitysolution-io-ts-utils';
+import { maxSizeOrUndefined } from '.';
+
+import { pipe } from 'fp-ts/lib/pipeable';
+import { left } from 'fp-ts/lib/Either';
+
+import { foldLeftRight, getPaths } from '@kbn/securitysolution-io-ts-utils';
+
+describe('maxSizeOrUndefined', () => {
+  test('it will validate a correct max value', () => {
+    const payload = 123;
+    const decoded = maxSizeOrUndefined.decode(payload);
+    const checked = exactCheck(payload, decoded);
+    const message = pipe(checked, foldLeftRight);
+    expect(getPaths(left(message.errors))).toEqual([]);
+    expect(message.schema).toEqual(payload);
+  });
+
+  test('it will fail to validate a 0', () => {
+    const payload = 0;
+    const decoded = maxSizeOrUndefined.decode(payload);
+    const checked = exactCheck(payload, decoded);
+    const message = pipe(checked, foldLeftRight);
+    expect(getPaths(left(message.errors))).toEqual([
+      'Invalid value "0" supplied to "(PositiveIntegerGreaterThanZero | undefined)"',
+    ]);
+    expect(message.schema).toEqual({});
+  });
+
+  test('it will fail to validate a -1', () => {
+    const payload = -1;
+    const decoded = maxSizeOrUndefined.decode(payload);
+    const checked = exactCheck(payload, decoded);
+    const message = pipe(checked, foldLeftRight);
+    expect(getPaths(left(message.errors))).toEqual([
+      'Invalid value "-1" supplied to "(PositiveIntegerGreaterThanZero | undefined)"',
+    ]);
+    expect(message.schema).toEqual({});
+  });
+
+  test('it will fail to validate a string', () => {
+    const payload = '123';
+    const decoded = maxSizeOrUndefined.decode(payload);
+    const checked = exactCheck(payload, decoded);
+    const message = pipe(checked, foldLeftRight);
+    expect(getPaths(left(message.errors))).toEqual([
+      'Invalid value "123" supplied to "(PositiveIntegerGreaterThanZero | undefined)"',
+    ]);
+    expect(message.schema).toEqual({});
+  });
+});

packages/kbn-securitysolution-io-ts-list-types/src/common/max_size/index.ts

@@ -0,0 +1,18 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+/* eslint-disable @typescript-eslint/naming-convention */
+
+import { PositiveIntegerGreaterThanZero } from '@kbn/securitysolution-io-ts-types';
+import * as t from 'io-ts';
+
+export const max_size = PositiveIntegerGreaterThanZero;
+export type MaxSize = t.TypeOf<typeof max_size>;
+
+export const maxSizeOrUndefined = t.union([max_size, t.undefined]);
+export type MaxSizeOrUndefined = t.TypeOf<typeof maxSizeOrUndefined>;

x-pack/plugins/lists/server/services/exception_lists/exception_list_client.ts

@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import {
+import type {
   KibanaRequest,
   SavedObjectsClientContract,
   SavedObjectsClosePointInTimeResponse,
@@ -29,7 +29,7 @@ import type {
   ServerExtensionCallbackContext,
 } from '../extension_points';
 
-import {
+import type {
   ClosePointInTimeOptions,
   ConstructorOptions,
   CreateEndpointListItemOptions,
@@ -42,9 +42,13 @@ import {
   ExportExceptionListAndItemsOptions,
   FindEndpointListItemOptions,
   FindExceptionListItemOptions,
+  FindExceptionListItemPointInTimeFinderOptions,
+  FindExceptionListItemsPointInTimeFinderOptions,
   FindExceptionListOptions,
+  FindExceptionListPointInTimeFinderOptions,
   FindExceptionListsItemOptions,
   FindValueListExceptionListsItems,
+  FindValueListExceptionListsItemsPointInTimeFinder,
   GetEndpointListItemOptions,
   GetExceptionListItemOptions,
   GetExceptionListOptions,
@@ -71,10 +75,7 @@ import { deleteExceptionList } from './delete_exception_list';
 import { deleteExceptionListItem, deleteExceptionListItemById } from './delete_exception_list_item';
 import { findExceptionListItem } from './find_exception_list_item';
 import { findExceptionList } from './find_exception_list';
-import {
-  findExceptionListsItem,
-  findValueListExceptionListItems,
-} from './find_exception_list_items';
+import { findExceptionListsItem } from './find_exception_list_items';
 import { createEndpointList } from './create_endpoint_list';
 import { createEndpointTrustedAppsList } from './create_endpoint_trusted_apps_list';
 import { PromiseFromStreams, importExceptions } from './import_exception_list_and_items';
@@ -89,6 +90,11 @@ import {
 } from './utils/import/create_exceptions_stream_logic';
 import { openPointInTime } from './open_point_in_time';
 import { closePointInTime } from './close_point_in_time';
+import { findExceptionListPointInTimeFinder } from './find_exception_list_point_in_time_finder';
+import { findValueListExceptionListItems } from './find_value_list_exception_list_items';
+import { findExceptionListsItemPointInTimeFinder } from './find_exception_list_items_point_in_time_finder';
+import { findValueListExceptionListItemsPointInTimeFinder } from './find_value_list_exception_list_items_point_in_time_finder';
+import { findExceptionListItemPointInTimeFinder } from './find_exception_list_item_point_in_time_finder';
 
 export class ExceptionListClient {
   private readonly user: string;
@@ -933,4 +939,128 @@ export class ExceptionListClient {
       savedObjectsClient,
     });
   };
+
+  // TODO: Add JSDoc
+  public findExceptionListItemPointInTimeFinder = async ({
+    executeFunctionOnStream,
+    filter,
+    listId,
+    maxSize,
+    namespaceType,
+    perPage,
+    sortField,
+    sortOrder,
+  }: FindExceptionListItemPointInTimeFinderOptions): Promise<void> => {
+    const { savedObjectsClient } = this;
+    return findExceptionListItemPointInTimeFinder({
+      executeFunctionOnStream,
+      filter,
+      listId,
+      maxSize,
+      namespaceType,
+      perPage,
+      savedObjectsClient,
+      sortField,
+      sortOrder,
+    });
+  };
+
+  /**
+   * Finds an exception list within a point in time (PIT) and then calls the function
+   * `executeFunctionOnStream` until the maxPerPage is reached and stops.
+   * NOTE: This is slightly different from the saved objects version in that it takes
+   * an injected function, so that we avoid doing additional plumbing with generators
+   * to try to keep the maintenance of this machinery simpler for now.
+   *
+   * If you want to stream all results up to 10k into memory for correlation this would be:
+   * @example
+   * ```ts
+   * const myResult: FoundExceptionListSchema[] = [];
+   * const executeFunctionOnStream = (response: FoundExceptionListSchema) => {
+   *   myResult.push(response);
+   * }
+   * await client.findExceptionListPointInTimeFinder({
+   *   filter,
+   *   executeFunctionOnStream,
+   *   namespaceType,
+   *   perPage: 100,
+   *   sortField,
+   *   sortOrder,
+   *   exe
+   * });
+   * ```
+   * @param filter {string} Your filter
+   * @param namespaceType {string} "agnostic" | "single" of your namespace
+   * @param perPage {number} The number of items per page. Typical value should be 1_000 here. Never go above 10_000
+   * @param maxSize {number of undefined} If given a max size, this will not exceeded. Otherwise if undefined is passed down, all records will be processed.
+   * @param sortField {string} String of the field to sort against
+   * @param sortOrder "asc" | "desc" The order to sort against
+   */
+  public findExceptionListPointInTimeFinder = async ({
+    executeFunctionOnStream,
+    filter,
+    maxSize,
+    namespaceType,
+    perPage,
+    sortField,
+    sortOrder,
+  }: FindExceptionListPointInTimeFinderOptions): Promise<void> => {
+    const { savedObjectsClient } = this;
+    return findExceptionListPointInTimeFinder({
+      executeFunctionOnStream,
+      filter,
+      maxSize,
+      namespaceType,
+      perPage,
+      savedObjectsClient,
+      sortField,
+      sortOrder,
+    });
+  };
+
+  // TODO: Add JSDoc
+  public findExceptionListsItemPointInTimeFinder = async ({
+    listId,
+    namespaceType,
+    executeFunctionOnStream,
+    maxSize,
+    filter,
+    perPage,
+    sortField,
+    sortOrder,
+  }: FindExceptionListItemsPointInTimeFinderOptions): Promise<void> => {
+    const { savedObjectsClient } = this;
+    return findExceptionListsItemPointInTimeFinder({
+      executeFunctionOnStream,
+      filter,
+      listId,
+      maxSize,
+      namespaceType,
+      perPage,
+      savedObjectsClient,
+      sortField,
+      sortOrder,
+    });
+  };
+
+  // TODO: Add JSDoc
+  public findValueListExceptionListItemsPointInTimeFinder = async ({
+    valueListId,
+    executeFunctionOnStream,
+    perPage,
+    maxSize,
+    sortField,
+    sortOrder,
+  }: FindValueListExceptionListsItemsPointInTimeFinder): Promise<void> => {
+    const { savedObjectsClient } = this;
+    return findValueListExceptionListItemsPointInTimeFinder({
+      executeFunctionOnStream,
+      maxSize,
+      perPage,
+      savedObjectsClient,
+      sortField,
+      sortOrder,
+      valueListId,
+    });
+  };
 }

x-pack/plugins/lists/server/services/exception_lists/exception_list_client_types.ts

@@ -23,6 +23,8 @@ import type {
   ExceptionListTypeOrUndefined,
   ExportExceptionDetails,
   FilterOrUndefined,
+  FoundExceptionListItemSchema,
+  FoundExceptionListSchema,
   Id,
   IdOrUndefined,
   Immutable,
@@ -32,6 +34,7 @@ import type {
   ItemIdOrUndefined,
   ListId,
   ListIdOrUndefined,
+  MaxSizeOrUndefined,
   MetaOrUndefined,
   Name,
   NameOrUndefined,
@@ -282,3 +285,45 @@ export interface OpenPointInTimeOptions {
 export interface ClosePointInTimeOptions {
   pit: PitId;
 }
+
+export interface FindExceptionListItemPointInTimeFinderOptions {
+  listId: ListId;
+  namespaceType: NamespaceType;
+  filter: FilterOrUndefined;
+  perPage: PerPageOrUndefined;
+  sortField: SortFieldOrUndefined;
+  sortOrder: SortOrderOrUndefined;
+  executeFunctionOnStream: (response: FoundExceptionListItemSchema) => void;
+  maxSize: MaxSizeOrUndefined;
+}
+
+export interface FindExceptionListPointInTimeFinderOptions {
+  maxSize: MaxSizeOrUndefined;
+  namespaceType: NamespaceTypeArray;
+  filter: FilterOrUndefined;
+  perPage: PerPageOrUndefined;
+  sortField: SortFieldOrUndefined;
+  sortOrder: SortOrderOrUndefined;
+  executeFunctionOnStream: <T>(response: FoundExceptionListSchema) => T;
+}
+
+export interface FindExceptionListItemsPointInTimeFinderOptions {
+  listId: NonEmptyStringArrayDecoded;
+  namespaceType: NamespaceTypeArray;
+  filter: EmptyStringArrayDecoded;
+  perPage: PerPageOrUndefined;
+  sortField: SortFieldOrUndefined;
+  sortOrder: SortOrderOrUndefined;
+  executeFunctionOnStream: (response: FoundExceptionListItemSchema) => void;
+  maxSize: MaxSizeOrUndefined;
+}
+
+export interface FindValueListExceptionListsItemsPointInTimeFinder {
+  valueListId: Id;
+  savedObjectsClient: SavedObjectsClientContract;
+  perPage: PerPageOrUndefined;
+  sortField: SortFieldOrUndefined;
+  sortOrder: SortOrderOrUndefined;
+  executeFunctionOnStream: (response: FoundExceptionListItemSchema) => void;
+  maxSize: MaxSizeOrUndefined;
+}