-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security Solution][Endpoint][Admin] Malware user notification checkbox #78084
[Security Solution][Endpoint][Admin] Malware user notification checkbox #78084
Conversation
Pinging @elastic/endpoint-app-team (Feature:Endpoint) |
Pinging @elastic/endpoint-management (Team:Endpoint Management) |
Pinging @elastic/ingest-management (Team:Ingest Management) |
@@ -26,6 +26,7 @@ import { | |||
migrateSettingsToV7100, | |||
migrateAgentActionToV7100, | |||
} from './migrations/to_v7_10_0'; | |||
import { migratePackagePolicyToV7110 } from './migrations/to_v7_11_0'; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can this reside and be run outside Fleet? e.g. inside security?
It seems limited to Endpoint and I'd like to limit how much Fleet "knows" about the specifics of a package
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we could store store this file outside of Fleet, but doesn't the SO migration have to run as a part of the SO mapping definition? Or could we import a mapping in security and then add an additional migration?
EDIT:
agreed on the Endpoint-only nature, happy to look at other alternatives
import { PACKAGE_POLICY_SAVED_OBJECT_TYPE } from '../../../../../ingest_manager/common'; | ||
import { migratePackagePolicyToV7110 } from './to_v7_11.0'; | ||
|
||
export const packagePolicyType: SavedObjectsType = { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is it a problem that we define this here as well as in Ingest? If it is OK, should we import the mapping, clone it, and add our own migration? What happens if there are 2 migrations for 7.11? One in Ingest and one in Security?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
judging from the test failures, it certainly looks like this is an issue
https://kibana-ci.elastic.co/job/elastic+kibana+pipeline-pull-request/82038/execution/node/636/log/
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hmmm so then should i just have the code for the migration in endpoint, but then add our migration line to the one in ingest for package policy saved objects then?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hmmm so then should i just have the code for the migration in endpoint, but then add our migration line to the one in ingest for package policy saved objects then?
This seems like what needs to happen. We can't define a duplicate mapping for an existing SO. Unless there's a way that we import the SO mapping from ingest in our app and simply add another migration to it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍 🚀 Thanks for moving the migration to security_solution
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would like to see another test case added but rest of migration code LGTM
import { PackagePolicy } from '../../../../../ingest_manager/common'; | ||
import { migratePackagePolicyToV7110 } from './to_v7_11.0'; | ||
|
||
describe('7.11.0 Endpoint Package Policy migration', () => { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
could you add another test case that ensures package policies are not modified for non-endpoint package policies?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yesss will do!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some minor comments, but I'm good if you merge
describe('7.11.0 Endpoint Package Policy migration', () => { | ||
const migration = migratePackagePolicyToV7110; | ||
it('adds malware notification checkbox and optional message', () => { | ||
const doc = { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
maybe add a Type to doc
? so that in the future the structure changes, we're reminded (error) to come revisit this.
import { cloneDeep } from 'lodash'; | ||
import { PackagePolicy } from '../../../../../ingest_manager/common'; | ||
|
||
export const migratePackagePolicyToV7110: SavedObjectMigrationFn<PackagePolicy, PackagePolicy> = ( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is only used by server code correct?
perhaps it would be more appropriate to store it under ./server
directory and have it exposed via ./server/index
?
@nnamdifrankie what do you think? ⬆️
}, | ||
], | ||
}, | ||
type: ' nested', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
small spacing typo here and on the rest of the type:
lines in this file
💚 Build SucceededMetrics [docs]@kbn/optimizer bundle module count
async chunks size
distributable file count
page load bundle size
History
To update your PR or re-run it, just comment with: |
…arm-phase-to-formlib * 'master' of github.com:elastic/kibana: (55 commits) [UX] Fix map color variance and apply proper filter for extended stats (elastic#81106) [User Experience] Use EuiSelect for percentiles instead of SuperSelect (elastic#81082) [DOCS] Add link for monitoring ssl settings (elastic#81057) [test] Await loading indicator in monitoring test (elastic#81279) [ILM] Minor copy and link additions to cloud CTA for cold phase (elastic#80512) [Mappings editor] Add scaled_float and date_range comp integration tests (elastic#81287) [Discover] Deangularize context.app (elastic#80851) [O11y Overview] Add code to display/hide UX section when appropriate (elastic#80873) [Discover] Extend DiscoverNoResults component to show different message on error (elastic#79671) Fix tagcloud word overlapping (elastic#81161) [Security Solution] Fixes flaky test rules (elastic#81040) Changed the code to avoid tech debt with hacky solutions after receiving comments on EUI issue reported about this problem. (elastic#81183) [Security Solution][All] Replace old markdown renderer with the new one (elastic#80301) Add namespaced version of the API call (elastic#81278) [ML] Data Frame Analytics: Fix race condition and support for feature influence legacy format. (elastic#81123) [Fleet] Fix POLICY_CHANGE action creation for new policy (elastic#81236) [Security Solution][Endpoint][Admin] Malware user notification checkbox (elastic#78084) [SecuritySolution][Unit Tests] - fix flakey unit test (elastic#81239) skip flaky suite (elastic#81264) [Maps] fix top-level Map page is called 'Kibana' (elastic#81238) ... # Conflicts: # x-pack/plugins/index_lifecycle_management/public/application/sections/edit_policy/components/phases/hot_phase/hot_phase.tsx # x-pack/plugins/index_lifecycle_management/public/application/sections/edit_policy/components/phases/shared/forcemerge_field.tsx # x-pack/plugins/index_lifecycle_management/public/application/sections/edit_policy/components/phases/warm_phase.tsx
Summary
Issue: https://github.com/elastic/security-team/issues/220
Checklist
Delete any items that are not applicable to this PR.
For maintainers