[Security Solution] [Sourcerer] Replaces references to sourcerer search strategy with api provided by kibana data views plugin #149360
Conversation
…h does not. I think the missing link between the two is the loading states and the fields / title (stringified vs array of strings). Check out the differences and try to tie them into the ad-hoc-dv-sourcerer branch
dhurley14
changed the title
…re-implement field browser, also add refresh button (maybe?) to sourcerer when dataview pattern list does not match pattern list in redux
…picks it up as a data view, updates types
dhurley14
force-pushed
the
working-ad-hoc-dv-sourcerer
branch
from
820f813 to
b6bfca2
Compare
…solve some cypress test issues
…ed get fn on the data view mock
…nfinitely in a jest test, so I re-wrote the useEffect as a callback which seemed to resolve the situation. Also updated the exported getCategory in triggers_actions_ui
| fetchDataViews(); | ||
| }, [dataServices.dataViews]); | ||
| fetchDV(); | ||
| // eslint-disable-next-line react-hooks/exhaustive-deps |
There was a problem hiding this comment.
can we avoid disabling this eslint rule?
It may lead to stale data in hook and relying business logic on eslint rule would increase cost of maintenance and will be prone to issues in future
| @@ -196,39 +196,39 @@ describe('Bulk editing index patterns of rules with index patterns and rules wit | |||
| waitForRulesTableToBeLoaded(); | |||
| }); | |||
|
|
|||
| it('Add index patterns to custom rules: one rule is updated, one rule is skipped', () => { | |||
| it('Add index patterns to custom rules when overwrite data view checkbox is checked: all rules are updated', () => { | |||
There was a problem hiding this comment.
nit: were these tests just swap in places? I don't see any changes in them. If it so, maybe swapping it back would remove this file from PR diff
There was a problem hiding this comment.
Yup just a swap. In their original format they were failing but switching them around made it pass.
There was a problem hiding this comment.
Do you know why they failed?
Do they have some dependant data?
There was a problem hiding this comment.
Was this a timeout?
I wrote this tests and can't figure out why switching the order would help.
I could revisit them later if you still have some of the logs for these
| }; | ||
| }, [indexNames, indexFieldsSearch, previousIndexesName]); | ||
| // eslint-disable-next-line react-hooks/exhaustive-deps | ||
| }, [indexNames]); |
There was a problem hiding this comment.
can we avoid disabling this eslint rule?
It may lead to stale data in hook and relying business logic on eslint rule would increase cost of maintenance and will be prone to issues in future
|
|
||
| setState({ | ||
| dataView: dv, | ||
| browserFields, |
There was a problem hiding this comment.
can we use dataView.fields here since browserFields is deprecated?
There was a problem hiding this comment.
The shape of the data is different between the two so unfortunately until all references to browserFields in the codebase are removed or have been updated to use the fields property on the dataview, we won't be able to remove it here.
| addError(exc?.message, { | ||
| title: i18n.ERROR_INDEX_FIELDS_SEARCH, | ||
| }); | ||
| } |
There was a problem hiding this comment.
should loading be set to false if error happens?
| loading: indexPatternsLoading, | ||
| patternList: fetchIndexReturn.indexes, | ||
| indexFields: fetchIndexReturn.indexPatterns | ||
| .fields as SelectedDataView['indexPattern']['fields'], | ||
| fields: fetchIndexReturn.indexPatterns.fields as DataViewFieldBase[], |
There was a problem hiding this comment.
this casting looks unnecessary and can be removed
| // eslint-disable-next-line react-hooks/exhaustive-deps | ||
| }, []); | ||
|
|
||
| useEffect(() => fetchDataViews(), [fetchDataViews]); |
There was a problem hiding this comment.
Hey, what is the reason to use use callback here?
The idea here, is to just fetch data view once, when the component mount.
Why not do:
useEffect(() => {
const fetchDV = async () => {...}
fetchDV();
};, []);
| @@ -328,22 +329,24 @@ const RuleDetailsPageComponent: React.FC<DetectionEngineComponentProps> = ({ | |||
| const [indicesConfig] = useUiSetting$<string[]>(DEFAULT_INDEX_KEY); | |||
| const [threatIndicesConfig] = useUiSetting$<string[]>(DEFAULT_THREAT_INDEX_KEY); | |||
|
|
|||
| useEffect(() => { | |||
| const fetchDataViews = async () => { | |||
| const fetchDataViews = useCallback(() => { | |||
There was a problem hiding this comment.
The same question as above
|
Also found that we use deprecated browserFields here Should it be fixed? and if yes in this PR, on next steps? |
There was a problem hiding this comment.
I left some comments, but it LGTM!
Great work @dhurley14, and really nice description of the story which provides a lot of context!
…bana into working-ad-hoc-dv-sourcerer
There was a problem hiding this comment.
Thanks for the discussion offline @dhurley14
After discussion with @peluja1012 and @caitlinbetz we are OK with this change since we have required logs-* read permissions in Elastic Security for some time. Docs: https://www.elastic.co/guide/en/security/current/sec-requirements.html#_kibana_space_and_index_privileges
| dataView={kibanaDataProvider} | ||
| maxDepth={2} | ||
| /> | ||
| {sourcererDataView ? ( |
There was a problem hiding this comment.
Is there ever a situation where this won't be set? Fyi @kqualters-elastic
…due to problems with the rule creation form / rule details form
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]Public APIs missing comments
Async chunks
Page load bundle
Unknown metric groupsAPI count
ESLint disabled line counts
References to deprecated APIs
Total ESLint disabled count
History
To update your PR or re-run it, just comment with: cc @dhurley14 |
|
Hi @vitaliidm, we will address the comments related to the disabled es-lint rules when we refactor the Rule Creation page components. We were running into unexpected behavior with hooks otherwise. |
Summary
Original outline: #138181
Issues outlining the objective of this pr: #142903 and #142907
--- title: Sourcerer Deprecation Journey --- flowchart LR A[8.7 matchedIndices <a href='https://github.com/elastic/kibana/pull/139671'>#139671</a>] --> B[Replace Sourcerer \n Search Strategy apis] subgraph you are here B end B --> C[Replace Sourcerer UI \nwith data view picker <a href='https://github.com/elastic/security-team/issues/6235'>#6235</a>] B --> D[Update code to use \n properties from \nkibana data view, \nnot sourcerer data view <a href='https://github.com/elastic/kibana/issues/155100'>#155100</a>] C --> E[Replace useSourcererDataView \nhook with Redux selector] D --> E[Replace useSourcererDataView \nhook with Redux selector] E --> F[Finished!]Overview
Since the data views plugin was introduced, maintaining our own apis for fetching sourcerer saved objects (data views) and additional types has become cumbersome and inefficient. The data views plugin provides both an efficient caching of data view saved objects and a unified interface for creating ad-hoc data views (see the changes to the
useFetchIndexhook in this PR) so that our code can now rely on a single type of saved object to interface with when fetching data.This PR is another step towards replacing sourcerer with the data view picker provided by kibana platform (which benefits users by maintaining consistency around data source selection UX) and additionally provides benefits to developers in the security solution by allowing us to reduce state-management complexity in components that rely on old
indexPatterntypes or data view types.What does this PR do, exactly?
This PR removes references to the search strategies that were implemented before the data views plugin became available, and replaces them with their corresponding apis available in the kibana data view plugin. These search strategies provided access to the data view saved object as well as the fields associated with the data view or array of index name strings.
I have also marked the server-side search strategies as deprecated (rather than deleting them) as they are being used by other teams and might be used by software outside of elastic, and I have also marked the following properties as deprecated;
browserFields,indexFields,runtimeMappings,indexPatterns,patternList,selectedPatterns, andactivePatterns. Once we have removed all references to the above listed properties we can use the data view type in our code without having to extend from it.Next steps
In a perfect world we would be able to remove all the references to the old memoized properties on the
useSourcererDataViewhook (likepatternList) and replace them with their counterparts on thesourcererDataViewobject returned by that same hook (liketitleor w/e the non-deprecated accessor is). After that is complete, we would be able to remove theuseSourcererDataViewhook entirely and replace that with the data view stored in redux returned by the selector associated with sourcerer, and then finally remove the sourcerer UI component and replace it with the UI component provided by kibana.The faster way is to update the UI and replace the sourcerer component with the kibana data view picker, and update the corresponding data view stored in redux and use that selector in the
useSourcererDataViewhook, much like how we are changing the backend systems in this pr and just mapping those properties from the data view SO to the expected memoized properties in theuseSourcererDataViewhook. Again, the end goal is really to just use the selector directly in our components and not rely on any hooks, like the following:kibana/src/plugins/discover/public/application/main/components/top_nav/discover_topnav.tsx
Line 66 in 07ca356
Bonus round
Additionally, I have written up an issue for next steps to be made to the
useFetchIndexhook which will allow it to take either an array of index names (as it currently does, returning an ad-hoc data view) or a data view id (and returning a data view). By making this change, components can remove extraneous logic relying on updating state with effects like thiskibana/x-pack/plugins/security_solution/public/timelines/components/fields_browser/index.tsx
Lines 52 to 71 in 2225de0
And like this:
kibana/x-pack/plugins/security_solution/public/detections/components/rules/step_define_rule/index.tsx
Lines 289 to 319 in 2225de0
And again..
kibana/x-pack/plugins/security_solution/public/detection_engine/rule_exceptions/logic/use_exception_flyout_data.tsx
Lines 47 to 120 in 2225de0
Checklist
Delete any items that are not applicable to this PR.
Risk Matrix
Delete this section if it is not applicable to this PR.
Before closing this PR, invite QA, stakeholders, and other developers to identify risks that should be tested prior to the change/feature release.
When forming the risk matrix, consider some of the following examples and how they may potentially impact the change:
For maintainers