
[TGrid] Alerts status update use RBAC api #108092

Merged
merged 25 commits into from
Aug 14, 2021

Conversation

semd
Contributor

@semd semd commented Aug 10, 2021

Summary

Call RBAC alerts bulk update endpoint from the tGrid status bulk update. It is used in 3 different places:

  • Bulk status update (screenshot: bulkstatusupdate)
  • Single status update from table row (screenshot: singlestatusupdaterow)
  • Single status update from flyout (screenshot: singlestatusupdateflyout)

ℹ️ Currently allowing both in-progress and acknowledged status. The in-progress status will need to be cleaned in the status field migration.

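The description above keeps two spellings of one workflow state alive until the status-field migration lands. The following is an added example, not code from this PR or from Kibana, of how a client-side bulk update could accept both values at the boundary while persisting only the canonical one; all names here (`WORKFLOW_STATUS_VALUES`, `buildBulkUpdateBody`, etc.) are hypothetical.

```typescript
// Added example, not Kibana code: one tuple drives both the TypeScript type
// and the runtime check, so the two cannot drift apart the way a separate
// STATUS_VALUES type and a hand-maintained literal union can.

// 'in-progress' is kept only while the status-field migration is pending;
// the other three are the target value set.
const WORKFLOW_STATUS_VALUES = ['open', 'acknowledged', 'closed', 'in-progress'] as const;
type WorkflowStatus = typeof WORKFLOW_STATUS_VALUES[number];

// Values the backend should actually store once the migration is complete.
type CanonicalWorkflowStatus = Exclude<WorkflowStatus, 'in-progress'>;

// Runtime guard for untrusted input; adding or removing a value in the tuple
// updates this check and the type together.
function isWorkflowStatus(value: unknown): value is WorkflowStatus {
  return typeof value === 'string' && (WORKFLOW_STATUS_VALUES as readonly string[]).includes(value);
}

// Accept the legacy value from callers but persist the new one, so anything
// filtering or counting on workflow status only ever sees one spelling.
function toCanonicalStatus(status: WorkflowStatus): CanonicalWorkflowStatus {
  return status === 'in-progress' ? 'acknowledged' : status;
}

interface BulkUpdateBody {
  ids: string[];
  status: CanonicalWorkflowStatus;
}

// Builds the bulk update request body from UI input. Unknown statuses and
// empty or blank ids are rejected here instead of being forwarded to the API.
function buildBulkUpdateBody(ids: unknown, status: unknown): BulkUpdateBody {
  if (!isWorkflowStatus(status)) {
    throw new Error(`unsupported workflow status: ${String(status)}`);
  }
  if (!Array.isArray(ids) || ids.length === 0) {
    throw new Error('at least one alert id is required');
  }
  const cleanIds = ids.map((id) => {
    if (typeof id !== 'string' || id.trim() === '') {
      throw new Error('alert ids must be non-empty strings');
    }
    return id;
  });
  return { ids: cleanIds, status: toCanonicalStatus(status) };
}
```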

@semd semd changed the title [TGrid] RAC alerts bulk update endpoint WIP [TGrid] RAC alerts bulk update endpoint Aug 11, 2021
@peluja1012 peluja1012 mentioned this pull request Aug 11, 2021
dhurley14 and others added 13 commits August 11, 2021 17:54
…s and adds logic for switching between signal.status and workflow status when updating alerts in .siem-signals
… to use WORKFLOW_STATUS instead of ALERT_STATUS
adds replace ALERT_STATUS with ALERT_WORKFLOW_STATUS and updates tests and adds logic for switching between signal.status and workflow status when updating alerts in .siem-signals
…us' and not { signals: {status }} in alerts client
optionally use fields api in requests if _source does not contain authz properties
@semd semd marked this pull request as ready for review August 12, 2021 17:34
@semd semd requested review from a team as code owners August 12, 2021 17:34
@semd semd changed the title WIP [TGrid] RAC alerts bulk update endpoint [TGrid] RAC alerts bulk update endpoint Aug 12, 2021
@semd semd added v7.15.0 v8.0.0 release_note:skip Skip the PR/issue when compiling release notes auto-backport Deprecated - use backport:version if exact versions are needed Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. labels Aug 12, 2021
@@ -27,7 +27,7 @@ export const AlertConsumers = {
SYNTHETICS: 'synthetics',
} as const;
export type AlertConsumers = typeof AlertConsumers[keyof typeof AlertConsumers];
export type STATUS_VALUES = 'open' | 'acknowledged' | 'closed';
export type STATUS_VALUES = 'open' | 'acknowledged' | 'closed' | 'in-progress'; // TODO: remove 'in-progress' after migration to 'acknowledged'
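Review bot: the added line keeps `'in-progress'` in `STATUS_VALUES` with a bare TODO; reference the status-field migration issue in that comment so the removal is actually tracked, and state that until then any code filtering or counting on workflow status must treat `'in-progress'` and `'acknowledged'` as the same state, otherwise the two spellings show up as two different statuses.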
@dplumlee - just pinging you here since you're working on these changes

return buildEsQuery(
let esQuery;
if (id != null) {
esQuery = { query: `_id:${id}`, language: 'kuery' };
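Review bot: the `_id:${id}` kuery string on the last line is built by interpolating `id` straight into query syntax; if `id` can arrive from the request rather than from a document the server already read, validate it against the expected id shape (or express the id clause as a query DSL object instead of a string) before this point, since query-syntax characters in the value would change what the query matches. The comment the reviewer asks for should say which caller reaches the `id != null` branch, and `let esQuery;` deserves an explicit type rather than the implicit `any`.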
It could be helpful to have a comment here describing how these different scenarios happen

status: t.union([
t.literal('open'),
t.literal('closed'),
t.literal('in-progress'), // TODO: remove after migration to acknowledged
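Review bot: the literals shown are `open`, `closed` and `in-progress`, but not `acknowledged`, which the `STATUS_VALUES` type in this PR allows; if the union does not continue past the shown lines with `t.literal('acknowledged')`, a request using the new value type-checks but is rejected by the runtime schema. Deriving both the type and the `t.union` from one shared array of values would keep them from drifting and makes the later removal of `in-progress` a one-line change.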
@jasonrhodes
FWIW I've been attempting to do some type safe "workflow_status" migration updates in an existing PR that I'm hoping to get in today before I leave.

@michaelolo24 michaelolo24 left a comment
Tested again, works great and thanks for taking care of all of those changes! 💪🏾

@michaelolo24 michaelolo24 merged commit a7661a5 into elastic:master Aug 14, 2021
kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Aug 14, 2021
💚 Backport successful

Status Branch Result
7.x

This backport PR will be merged automatically after passing CI.

kibanamachine added a commit that referenced this pull request Aug 14, 2021
Co-authored-by: Devin Hurley <[email protected]>

Co-authored-by: Sergi Massaneda <[email protected]>
Co-authored-by: Devin Hurley <[email protected]>
@asnehalb asnehalb changed the title [TGrid] Alerts status update use RAC api [TGrid] Alerts status update use RBAC api Aug 18, 2021
💚 Build Succeeded

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

| id | before | after | diff |
| --- | --- | --- | --- |
| timelines | 246 | 312 | +66 |

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

| id | before | after | diff |
| --- | --- | --- | --- |
| securitySolution | 6.5MB | 6.5MB | +264.0B |
| timelines | 308.7KB | 391.5KB | +82.8KB |
| total | | | +83.0KB |

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

| id | before | after | diff |
| --- | --- | --- | --- |
| timelines | 309.5KB | 309.8KB | +346.0B |

Unknown metric groups

References to deprecated APIs

| id | before | after | diff |
| --- | --- | --- | --- |
| timelines | 76 | 78 | +2 |

cc @dhurley14 @semd
