[Security Solution] [Sourcerer] Update available on legacy timelines #120022
Conversation
stephmilovic
added
v8.0.0
release_note:skip
|
Pinging @elastic/security-threat-hunting (Team:Threat Hunting) |
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
|
from design, overall all these look great and thanks for accounting for all the possible flows! even flow 6 (which is a very rare edge case I don't expect a lot of users to come across) is very clear in what happens. All good from design - please remember to update the width of the time selector so it is it's default width and have the lock and refresh button moved to be beside it. It can be in this PR or in a separate one, whatever's better for you |
x-pack/plugins/security_solution/public/app/home/template_wrapper/bottom_bar/index.tsx
Outdated
Show resolved
Hide resolved
| }} | ||
| /> | ||
| </> | ||
| ) as unknown as string, |
There was a problem hiding this comment.
Curiosity: Why double casting?
There was a problem hiding this comment.
TS2352: Conversion of type 'Element' to type 'string' may be a mistake because neither type sufficiently overlaps with the other. If this was intentional, convert the expression to 'unknown' first.
There was a problem hiding this comment.
but i need the link here... maybe ill submit a ticket to core asking this prop be updated
x-pack/plugins/security_solution/public/common/components/sourcerer/temporary.tsx
Outdated
Show resolved
Hide resolved
x-pack/plugins/security_solution/public/common/components/sourcerer/temporary.tsx
Outdated
Show resolved
Hide resolved
| setPopoverIsOpen(false); | ||
| }, [onChangeDataView, dataViewId, selectedOptions]); | ||
|
|
||
| const handleClosePopOver = useCallback(() => { | ||
| setPopoverIsOpen(false); | ||
| setExpandAdvancedOptions(false); | ||
| }, []); | ||
| const trigger = useMemo( |
There was a problem hiding this comment.
moved into its own component
|
|
||
| const dataViewSelectOptions = useMemo( |
There was a problem hiding this comment.
moved into usePickIndexPatterns
| }, [selectedDataViewId]); | ||
|
|
||
| const tooltipContent = useMemo( |
There was a problem hiding this comment.
moved into its own component along with buttonWithTooltip
💚 Build Succeeded
Metrics [docs]Module Count
Async chunks
Page load bundle
History
To update your PR or re-run it, just comment with: |
|
I found some inconstancy in the index patterns options, nothing todo with these flow though. In the first picture, the index pattern of security alert is not selectable, but we still can tick |
| export const ensurePatternFormat = (patternList: string[]): string[] => | ||
| [ | ||
| ...new Set( | ||
| patternList.reduce((acc: string[], pattern: string) => [...pattern.split(','), ...acc], []) |
There was a problem hiding this comment.
very nitpicking:
| patternList.reduce((acc: string[], pattern: string) => [...pattern.split(','), ...acc], []) | |
| patternList.flatMap((pattern) => pattern.split(',')) |
Or even more FP!
import { split } from "lodash/fp";
...
patternList.flatMap(split(','))
Oooor point-free style:
import { split, flatMap } from "lodash/fp";
...
flatMap(split(','), patternList)
| ...(isEmpty(selectedPatterns) | ||
| missingPatterns, | ||
| // if in timeline, allow for empty in case pattern was deleted | ||
| // need flow for this |
There was a problem hiding this comment.
whoops, nope thats flow 6. i need to delete this comment
@angorayc yes ill do that in a follow up |
💔 Backport failed
To backport manually run: |
ghost
mentioned this pull request
Summary
Resolves https://github.com/elastic/security-team/issues/1921
Implements an "Update available" workflow for pre-8.0 timelines and timelines that have indices that got deleted from the default data view
To test: save this json as a
timelines.ndjsonfile and upload the timelines to the timelines page in security solutionFlow 1
Note: i paused the most in this flow so y'all can ready the copy, the rest of the flows go quicker
Legacy Timeline includes an active index pattern that is not included in the default data view, user decides to update data view. Page refresh is prompted
Flow 2
Legacy Timeline includes an active index pattern that is not included in the default data view, user decides to update to the new sourcerer with only the indices that already exist in the data view
Flow 3
Legacy Timeline includes an active index pattern that is not included in the default data view, user decides to reset to the new sourcerer and abandon their index pattern
Flow 4
Legacy Timeline index patterns are ALL included in the default data view, user updates to the new sourcerer without needing to update the data view
Flow 5
Legacy Timeline none of the index patterns in the legacy timeline match, don't allow user to upgrade data view. Forces them to reset to new sourcerer or keep a bad index pattern
Flow 6
Start with a valid non-legacy timeline. Delete one of the index patterns from advanced settings. Fallsback into temporary timeline and prompts user to re-add the deleted index pattern
Flow 7
Error state, not expected
Checklist