Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Resolver refactoring #70312

Merged
merged 5 commits into from
Jun 30, 2020
Merged

Resolver refactoring #70312

merged 5 commits into from
Jun 30, 2020

Conversation

oatkiller
Copy link
Contributor

@oatkiller oatkiller commented Jun 30, 2020

Summary

Hey y'all.
There's a few subjective changes here. Feel free to say 'I liked it that way.'

  • In my last PR I removed all usages of a field in DataState called relatedEventStats. I forgot to remove the field itself. This PR removes the field.
  • Move the calculation of the 'total' related events to the selector. NB: this is still calculated in the view because it was duplicated to begin with. I'll try to fix this up in my next PR.
  • Replace magFactorX (the first element of the projection matrix) with xScale for consistency with naming elsewhere in resolver.
  • Refactor calculation of actionableButtonsTopOffset for readability
  • the middleware had a call to dispatch in the try...catch used for HTTP request control flow. If dispatch threw an error due to code in the reducer or middleware, the error would be treated the same as a HTTP error (e.g. returning 500 from the server.) Moved the dispatch out of try...catch so it can be handled in the same way as other runtime errors. NB: we should look to replace our standard try...catch approach with something better.
  • The component ProcessEventListNarrowedByType was in a module called panels/panel_content_related_list.tsx. This moves it to panels/process_event_list_narrowed_by_type for readability

Checklist

Just refatoring.

  • click around the app, stuff still seems to work

For maintainers

@oatkiller oatkiller requested review from a team as code owners June 30, 2020 12:51
@oatkiller oatkiller added Feature:Endpoint Elastic Endpoint feature release_note:skip Skip the PR/issue when compiling release notes Team:Endpoint Data Visibility Team managing the endpoint resolver v7.9.0 v8.0.0 labels Jun 30, 2020
@elasticmachine
Copy link
Contributor

Pinging @elastic/endpoint-data-visibility-team (Team:Endpoint Data Visibility)

@elasticmachine
Copy link
Contributor

Pinging @elastic/endpoint-app-team (Feature:Endpoint)

* Return the 'total' stats (whatever that means) for a process by entity ID
* TODO, how does this work for legacy events?
*/
export const relatedEventTotalForProcess: (
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What was the justification for this? I'd like to put it down in comments here.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Now that I understand what this is doing I see that this number doesn't match the number of events. Is there any point in showing this?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@bkimmel you might want to comment here.

There is a difference between total events and the total amount of all the categories added up which is what is happening here. It really depends on what we want to communicate to the user. If we communicate that there are 5 total related events, when they look at the break down the values won't always added up to 5 because a single event could fall into multiple categories. So it could be confusing.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What I'm not following is:
how does coming up w/ this number make things less confusing?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For a set of related events with the following ECS categories:
[DNS, File], [DNS, File], [Registry]
We break counts in submenus as:

DNS: 2
File: 2
Registry: 1

There are 2 choices then, for how to display the total: 5 or 3

If I'm not mistaken, I believe it was you, Robert, who suggested that 5 is less confusing (and I think everyone agreed). This is what counts to 5. There are implications in other places, but that's the crux of what's happening here.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/shrug

return null;
}
let total = 0;
for (const value of Object.values(stats.events.byCategory)) {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is events.byCategory a structure we made up?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

events.byCategory is what the backend returns. It's an object of number of events that fall in a particular category for example:

{
  'network': 3,
  'file': 2,
}

@oatkiller oatkiller force-pushed the resolver-refactoring branch from e899fed to d2cf840 Compare June 30, 2020 13:08
oatkiller added 4 commits June 30, 2020 09:10
Also cleanup related events view code for readability
I find this more readable.
We use try...catch for HTTP control flow logic. We don't want to treat
runtime errors the same as HTTP errors though. Move `dispatch` call
out of that try catch.
@oatkiller oatkiller force-pushed the resolver-refactoring branch from d2cf840 to 662cef4 Compare June 30, 2020 13:10
Copy link
Contributor

@michaelolo24 michaelolo24 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice cleanup

break;
}
const actionableButtonsTopOffset =
(isShowingEventActions ? 3.5 : isShowingDescriptionText ? 1 : 21) * xScale + 5;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice, you don't have anything against nested ternary's from a readability standpoint?

Copy link
Contributor Author

@oatkiller oatkiller Jun 30, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

wanted your thoughts on this (esp. since you wrote the original.)

  1. I found the original a lot to read due to boilerplate. Specifically, reading actionableButtonsTopOffset vs actionalButtonsBaseTopOffset was hard.
  2. The repeated part of actionalButtonsBaseTopOffset + and * magFactorX required me to visually compared the 3 versions to see that they were the same.
  3. I didn't realize at first that this was using true in the switch statement.
  4. I haven't read a switch statement since at least 2008 :p (but seriously)
  5. part of my motivation to make this terse is because the function it is in is long, and has many variables that aren't related to each other. That isn't the best motivation to make something terse. We could move the logic out of the function instead.

So maybe we keep it less terse? Eventually the function its in will get cleaned up.
Or maybe we keep it less terse and move it to an external fn?

Copy link
Contributor

@michaelolo24 michaelolo24 Jun 30, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  1. agreed, makes sense
  2. also makes sense
  3. I like to throw in the occasional switch every now and again 😂
  4. ^^
  5. Even if it's terse, it's still readable, so no need to revert any of it. I like moving it into an external function though because it will be a better separation of concerns and eventually it can probably be removed altogether in favor of mostly pure css.

return () => null;
}
return (event: ResolverEvent) => {
const nodeStats = statsMap.get(uniquePidForProcess(event));
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just leaving the note here like we talked about before @oatkiller this function uniquePidForProcess will suffer from the same problem we talked about before where unique_pid will have collisions in the map just like the entityId function. We'll need to do the serialization or something for that function too.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll get something formally added to the team's backlog about this.

* Return the 'total' stats (whatever that means) for a process by entity ID
* TODO, how does this work for legacy events?
*/
export const relatedEventTotalForProcess: (
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@bkimmel you might want to comment here.

There is a difference between total events and the total amount of all the categories added up which is what is happening here. It really depends on what we want to communicate to the user. If we communicate that there are 5 total related events, when they look at the break down the values won't always added up to 5 because a single event could fall into multiple categories. So it could be confusing.

return null;
}
let total = 0;
for (const value of Object.values(stats.events.byCategory)) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

events.byCategory is what the backend returns. It's an object of number of events that fall in a particular category for example:

{
  'network': 3,
  'file': 2,
}

Copy link
Contributor

@bkimmel bkimmel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This ruptures a lot of things we're using in other places (counts, stats, etc.) I need a little time to understand this.

@@ -9,7 +9,6 @@ import { DataState } from '../../types';
import { ResolverAction } from '../actions';

const initialState: DataState = {
relatedEventsStats: new Map(),
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The logic that used to populate this piece of state has been moved to the selector called relatedEventsStats

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@@ -97,6 +97,7 @@ export const ProcessEventListNarrowedByType = memo(function ProcessEventListNarr
}) {
const processName = processEvent && event.eventName(processEvent);
const processEntityId = event.entityId(processEvent);

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think more than just this file have a file name that doesn't line up with the component name. Would probably make sense to fix those as well

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm changing them as I find 'em. I don't think we need a rule that says '1:1 relationship between components and filenames.' That said, if a file has just one export, which is a component, it would be nice to name the component and the file the same.

@@ -24,7 +24,7 @@ import { useResolverDispatch } from './use_resolver_dispatch';
import * as event from '../../../common/endpoint/models/event';
import { ResolverEvent, ResolverNodeStats } from '../../../common/endpoint/types';
import { SideEffectContext } from './side_effect_context';
import { ProcessEventListNarrowedByType } from './panels/panel_content_related_list';
import { ProcessEventListNarrowedByType } from './panels/process_event_list_narrowed_by_type';
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this file should probably be panels/index.tsx instead of just panel.tsx

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔴 That's not a list of process events - it's a list of related events like (registry creation, file creation, etc.). Also, if we're changing the name of one of the panel content components, we should change the prefix on all of them.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I gave it the wrong name from the export -> The file name should stay the same, the export name should change,

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe something like relatedEventListNarrowedByType ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll revert this part of the PR.

@oatkiller
Copy link
Contributor Author

This ruptures a lot of things we're using in other places (counts, stats, etc.) I need a little time to understand this.

Per our discussion, I think I've addressed your concerns. Let me know if I can do anything else.

@@ -177,11 +179,11 @@ type EventDisplayName = typeof displayNameRecord[keyof typeof displayNameRecord]
typeof unknownEventTypeMessage;

/**
* Take a gross `schemaName` and return a beautiful translated one.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ℹ️ No fun allowed 📏

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just trying to get clarity.

Copy link
Contributor

@bkimmel bkimmel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I saw a couple things that look a little "off" there, but I don't want to hold this up.

@@ -4,14 +4,16 @@
* you may not use this file except in compliance with the Elastic License.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🆒 Thank you for not changing the name of process_event_dot . I have an attachment to the name. It's a nice reminder that everything starts as a dot.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To @kqualters-elastic point, we could probably improve it in the future by making it more like a dot and less like a giant thing with a bunch of code in it but 🤷

@oatkiller oatkiller force-pushed the resolver-refactoring branch from 662cef4 to 54043fd Compare June 30, 2020 19:27
@oatkiller
Copy link
Contributor Author

took out the part about changing file names. lets do it in a follow up w/ @bkimmel's help

@oatkiller
Copy link
Contributor Author

@bkimmel lets follow up re: anything 'off'. Otherwise I'll just keep doing more of it.

@kibanamachine
Copy link
Contributor

💚 Build Succeeded

Build metrics

✅ unchanged

History

  • 💛 Build #57484 was flaky 662cef40f0f8b84a36044cd4a17078a69654f4e1

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@oatkiller oatkiller merged commit 893525c into elastic:master Jun 30, 2020
@oatkiller oatkiller deleted the resolver-refactoring branch June 30, 2020 21:32
Bamieh pushed a commit to Bamieh/kibana that referenced this pull request Jul 1, 2020
* remove unused piece of state
* Move related event total calculation to selector
* rename xScale
* remove `let`
* Move `dispatch` call out of HTTP try-catch
oatkiller pushed a commit to oatkiller/kibana that referenced this pull request Jul 1, 2020
* remove unused piece of state
* Move related event total calculation to selector
* rename xScale
* remove `let`
* Move `dispatch` call out of HTTP try-catch
gmmorris added a commit to gmmorris/kibana that referenced this pull request Jul 1, 2020
…-based-rbac

* upstream/master: (38 commits)
  Move logger configuration integration test to jest (elastic#70378)
  Changes observability plugin codeowner (elastic#70439)
  update (elastic#70424)
  [Logs UI] Avoid CCS-incompatible index name resolution (elastic#70179)
  Enable "Explore underlying data" actions for Lens visualizations (elastic#70047)
  Initial work on uptime homepage API (elastic#70135)
  expressions indexPattern function (elastic#70315)
  [Discover] Deangularization context error message refactoring (elastic#70090)
  [Lens] Add "no data" popover (elastic#69147)
  [Lens] Move chart switcher over (elastic#70182)
  chore: add missing mjs extension (elastic#70326)
  [Lens] Multiple y axes (elastic#69911)
  skip flaky suite (elastic#70386)
  fix bug to add timeline to case (elastic#70343)
  [QA][Code Coverage] Drop catchError and use try / catch instead, (elastic#69198)
  [QA] [Code Coverage] Integrate with Team Assignment Pipeline and Add Research and Development Indexes and Cluster (elastic#69348)
  [Metrics UI] Add context.reason and alertOnNoData to Inventory alerts (elastic#70260)
  Resolver refactoring (elastic#70312)
  [Ingest Manager] Fix agent ack after input format change (elastic#70335)
  [eslint][ts] Enable prefer-ts-expect-error (elastic#70022)
  ...
oatkiller pushed a commit that referenced this pull request Jul 1, 2020
* remove unused piece of state
* Move related event total calculation to selector
* rename xScale
* remove `let`
* Move `dispatch` call out of HTTP try-catch
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Feature:Endpoint Elastic Endpoint feature release_note:skip Skip the PR/issue when compiling release notes Team:Endpoint Data Visibility Team managing the endpoint resolver v7.9.0 v8.0.0
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants