[Security Solution][Exceptions] - Update exception item comments to include id #73129
Conversation
| @@ -65,7 +65,7 @@ describe('create_endpoint_list_item_schema', () => { | |||
| expect(message.schema).toEqual({}); | |||
| }); | |||
|
|
|||
| test('it should not validate a "list_id" since it does not required one', () => { | |||
| test('it should fail validation when supplied a "list_id" since it does not required one', () => { | |||
There was a problem hiding this comment.
@rylnd you'd mentioned the wording not validate was a bit misleading, so began updating the wording. Does this seem better?
|
|
||
| import { Comments, CommentsArray } from './comments'; |
There was a problem hiding this comment.
Made these singular, was really confusing when it was plural but referred to a single comment schema.
| created_at: t.string, // TODO: Make this into an ISO Date string check, | ||
| created_by: t.string, | ||
| comment: NonEmptyString, | ||
| created_at, |
There was a problem hiding this comment.
Moved to use the same ones that are in common, so when we update those to be ISO Date types, these are good to go as well.
| } else if (existingComment.created_at !== comment.created_at) { | ||
| throw new ErrorWithStatusCode('Unable to update comment', 403); | ||
| } else if (comment.comment.trim().length === 0) { | ||
| throw new ErrorWithStatusCode('Empty comments not allowed', 403); |
There was a problem hiding this comment.
Now delegated to schema validation.
| if (comments != null) { | ||
| return comments.map((c: CreateComments) => { | ||
| if (c.comment.trim().length === 0) { | ||
| throw new ErrorWithStatusCode('Empty comments not allowed', 403); |
There was a problem hiding this comment.
Now delegated to schema validation.
| @@ -377,7 +377,7 @@ export const ExceptionBuilder = ({ | |||
| )} | |||
| <EuiFlexItem grow={1}> | |||
| <BuilderButtonOptions | |||
| isOrDisabled={disableOr} | |||
| isOrDisabled={isOrDisabled ? isOrDisabled : disableOr} | |||
There was a problem hiding this comment.
If builder consumer specifies that OR should be disabled no matter what, makes sure it does so and is not overwritten by disableOr logic.
| addError(error, { title: i18n.EDIT_EXCEPTION_ERROR }); | ||
| onCancel(); | ||
| if (error.message.includes('Conflict')) { | ||
| setHasVersionConflict(true); |
There was a problem hiding this comment.
If there's a conflict error, am showing a EuiCallout and not closing modal. Let's say a user spent 20 minutes writing a comment, for example, if we just close it, they lose it. This gives the user the chance to copy anything they need to.
| @@ -172,11 +178,16 @@ export const EditExceptionModal = memo(function EditExceptionModal({ | |||
| ); | |||
|
|
|||
| const enrichExceptionItems = useCallback(() => { | |||
| const [exceptionItemToEdit] = exceptionItemsToAdd; | |||
There was a problem hiding this comment.
Workaround as OR is disabled for now, so only need to update single item.
| @@ -258,6 +269,14 @@ export const EditExceptionModal = memo(function EditExceptionModal({ | |||
| </> | |||
| )} | |||
|
|
|||
| {hasVersionConflict && ( | |||
There was a problem hiding this comment.
@marrasherrier @dontcallmesherryli Any feedback on where this should be shown?
|
Pinging @elastic/siem (Team:SIEM) |
|
would it be possible to have the error message outside the modal, like in the bottom right corner? if not, that error message placement looks ok to me. perhaps we could also disable everything besides the cancel button, so users can't ignore the message |
...plugins/security_solution/public/common/components/exceptions/edit_exception_modal/index.tsx
Show resolved
Hide resolved
...plugins/security_solution/public/common/components/exceptions/edit_exception_modal/index.tsx
Outdated
Show resolved
Hide resolved
| }): Comments => { | ||
| if (comment.created_by !== user) { | ||
| }): Comment => { | ||
| if (incomingComment.id == null) { |
There was a problem hiding this comment.
I'm seeing some issues when trying to edit an exception that has been changed at the same time by the same user (in another browser) or by another user. The steps I'm following are:
- Create an exception with one comment in one browser (Firefox)
- In another browser (Chrome) click "Edit" on that recently added exception but don't edit it and don't click submit.
- Back in the Firefox window edit the exception by adding a new comment
- In the Chrome window add a new comment and click submit
Before this change, in the master branch, I get a 403 on PUT /api/exception_lists/items error with the following message:
When trying to update a comment, "created_at" and "created_by" must be present
After this change, in this branch, I get a 401 unathorized error on PUT /api/exception_lists/items and get logged out of Kibana. It looks like this is the line that's throwing the error
There was a problem hiding this comment.
Thanks so much for catching this Pedro. I updated the API to currently be append only. I was doing validations and transformations prior to the version check. I removed much of this and am now just checking that the incoming comments are append only. Still working to have full CRUD in an upcoming release.
| // cannot delete, only append at the moment | ||
| // TODO: Add new comments endpoint to fully support CRUD | ||
| if (!idMatches && index < existingComments.length) { | ||
| throw new ErrorWithStatusCode(`Cannot delete comment id: ${matchingCommentByIndex.id}`, 401); |
There was a problem hiding this comment.
I think we're overusing the 401 error code in this file. This seems to be causing unexpected side effects like the user getting logged out of Kibana. We should consider using a different error code like 400 for these types of errors. @FrankHassanabad @madirey thoughts?
There was a problem hiding this comment.
Yes, these probably should be 400's. 401 should only be used on failure to authenticate, 403 for attempts to access a resource that the authenticated user does not have permission to access.
There was a problem hiding this comment.
Thanks @peluja1012 and @madirey ! I simplified validations and made comments append only. Full CRUD is a wip for now.
...s/security_solution/public/common/components/exceptions/edit_exception_modal/translations.ts
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Pulled updated branch and verified that the issues that I was experiencing with editing an exception with existing comments are no longer there. Thanks for the changes, @yctercero!
💚 Build SucceededBuild metricsasync chunks size
page load bundle size
Saved Objects .kibana field count
History
To update your PR or re-run it, just comment with: |
…nclude id (elastic#73129) ## Summary This PR is somewhat of an intermediary step. Comments on exception list items are denormalized. We initially decided that we would not add `uuid` to comments, but found that it is in fact necessary. This is intermediary in the sense that what we ideally want to have is a dedicated `comments` CRUD route. Also just note that I added a callout for when a version conflict occurs (ie: exception item was updated by someone else while a user is editing the same item). With this PR users are able to: - Create comments when creating exception list items - Add new comments on exception item update Users will currently be blocked from: - Deleting comments - Updating comments - Updating exception item if version conflict is found
…nclude id (elastic#73129) ## Summary This PR is somewhat of an intermediary step. Comments on exception list items are denormalized. We initially decided that we would not add `uuid` to comments, but found that it is in fact necessary. This is intermediary in the sense that what we ideally want to have is a dedicated `comments` CRUD route. Also just note that I added a callout for when a version conflict occurs (ie: exception item was updated by someone else while a user is editing the same item). With this PR users are able to: - Create comments when creating exception list items - Add new comments on exception item update Users will currently be blocked from: - Deleting comments - Updating comments - Updating exception item if version conflict is found
…nclude id (#73129) (#73374) ## Summary This PR is somewhat of an intermediary step. Comments on exception list items are denormalized. We initially decided that we would not add `uuid` to comments, but found that it is in fact necessary. This is intermediary in the sense that what we ideally want to have is a dedicated `comments` CRUD route. Also just note that I added a callout for when a version conflict occurs (ie: exception item was updated by someone else while a user is editing the same item). With this PR users are able to: - Create comments when creating exception list items - Add new comments on exception item update Users will currently be blocked from: - Deleting comments - Updating comments - Updating exception item if version conflict is found
…nclude id (#73129) (#73375) ## Summary This PR is somewhat of an intermediary step. Comments on exception list items are denormalized. We initially decided that we would not add `uuid` to comments, but found that it is in fact necessary. This is intermediary in the sense that what we ideally want to have is a dedicated `comments` CRUD route. Also just note that I added a callout for when a version conflict occurs (ie: exception item was updated by someone else while a user is editing the same item). With this PR users are able to: - Create comments when creating exception list items - Add new comments on exception item update Users will currently be blocked from: - Deleting comments - Updating comments - Updating exception item if version conflict is found
|
I'm late to the party, but LGTM! Thanks for the updates! |
* master: (44 commits) [Search] add server logs (elastic#72454) [SIEM][Timelines] Updates timeline template callout text (elastic#73334) Fix App status flaky test (elastic#72853) [Functional Tests] Increase the timeout when locating the tableview] (elastic#73243) Use "Apply_filter_trigger" in dashboard drilldown (elastic#71468) fix dashboard index pattern race condition (elastic#72899) [Functional Tests] Increase waitTime for timelion to fetch the results (elastic#73255) [Functional Tests] Fix flakiness on TSVB chart on switching index patterns test (elastic#73238) updates cypress to v4.11.0 (elastic#73327) [Metrics UI] Saved views bugs (elastic#72518) [Ingest Manager] Convert select agent config step to use combo box (elastic#73172) Exclude `version` from package config attributes that are copied, add safeguard to package config bulk create (elastic#73128) [Security Solution][ML] Updates siem group name to security (elastic#73218) [Security Solution] Show proper icon for termination status of all processes (elastic#73235) [Security Solution][Resolver] Show origin node details in panel on load (elastic#73313) [Security solution] Threat hunting test coverage improvements (elastic#73276) [Security Solution][Exceptions] - Update exception item comments to include id (elastic#73129) [Enterprise Search] Error state UI tweaks to account for current Cloud SSO behavior (elastic#73324) [dev/build/docker_generator] convert to typescript (elastic#73339) [APM] Fix focus map link on service map (elastic#73338) ...
MindyRS
added
the
Team: SecuritySolution
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
Summary
This PR is somewhat of an intermediary step. Comments on exception list items are denormalized. We initially decided that we would not add
uuidto comments, but found that it is in fact necessary. This is intermediary in the sense that what we ideally want to have is a dedicatedcommentsCRUD route.Also just note that I added a callout for when a version conflict occurs (ie: exception item was updated by someone else while a user is editing the same item).
With this PR users are able to:
Users will currently be blocked from:
Conflict callout
TO DO
Checklist
For maintainers