[Security Solution] Refactor resolver children _source #77343
Conversation
jonathan-buttner
added
v8.0.0
release_note:skip
|
Pinging @elastic/endpoint-app-team (Feature:Resolver) |
|
Pinging @elastic/endpoint-data-visibility-team (Team:Endpoint Data Visibility) |
jonathan-buttner
requested review from
oatkiller,
michaelolo24,
bkimmel and
kqualters-elastic
|
@jonathan-buttner AFAIK the children API is unused. What is the motivation for this PR? |
@oatkiller sorry "children API" is misleading, I meant it in a general sense. The |
| }>; | ||
| } | ||
| | { | ||
| event: Partial<{ |
There was a problem hiding this comment.
❔ What does this second part of the union do? Doesn't the first part being marked 'partial' make this redundant?
There was a problem hiding this comment.
The first Partial marks the fields like endgame and event as optional but not the fields inside those fields (it's not recursive). This line marks type as optional and any future fields added to event.
| */ | ||
| type TimestampFields = Pick<SafeResolverEvent, '@timestamp'>; | ||
|
|
||
| export function timestampSafeVersion(event: TimestampFields): undefined | number { |
There was a problem hiding this comment.
Added comment
| */ | ||
| type GetAncestryArrayFields = AncestryArrayFields & ParentEntityIDFields; | ||
|
|
||
| export function getAncestryAsArray(event: GetAncestryArrayFields | undefined): string[] { |
There was a problem hiding this comment.
Added comment
💚 Build SucceededBuild metricsasync chunks size
History
To update your PR or re-run it, just comment with: |
* Moving generator to safe type version * Finished generator and alert * Gzipping again * Finishing type conversions for backend * Trying to cast front end tests back to unsafe type for now * Working reducer tests * Adding more comments and fixing alert type * Restoring resolver test data * Updating snapshot with timestamp info * Getting the models figured out * Event models type fixes * Adding more comments * Fixing more comments * Adding comments
* Moving generator to safe type version * Finished generator and alert * Gzipping again * Finishing type conversions for backend * Trying to cast front end tests back to unsafe type for now * Working reducer tests * Adding more comments and fixing alert type * Restoring resolver test data * Updating snapshot with timestamp info * Getting the models figured out * Event models type fixes * Adding more comments * Fixing more comments * Adding comments
This PR refactors a portion of the children functionality to reduce the
_sourcefields used when querying the document. Only a portion of the fields are needed for an intermediate step while finding the children nodes of a process. To accomplish this, a number of the model function's parameters were changed to only take the necessary fields for a single function.