[Security Solution][Endpoint][Admin] Malware user notification checkbox #78084

Merged
merged 20 commits into from
Oct 21, 2020

Contributor

@parkiino parkiino commented Sep 21, 2020

Summary

  • adds checkbox for Endpoint policy malware user notification
  • migration for new malware user notification field
  • migrated policy does not automatically have user notification checked off even if prevent is selected
  • if a user makes a new policy, user notification on is the default
  • migration unit test

Issue: https://github.com/elastic/security-team/issues/220


@parkiino parkiino marked this pull request as ready for review October 15, 2020 15:55
@parkiino parkiino requested a review from a team as a code owner October 15, 2020 15:55
@parkiino parkiino requested a review from a team October 15, 2020 15:55
@parkiino parkiino requested a review from a team as a code owner October 15, 2020 15:55
@parkiino parkiino added Feature:Endpoint Elastic Endpoint feature release_note:skip Skip the PR/issue when compiling release notes Team:Endpoint Management v7.11.0 v8.0.0 labels Oct 15, 2020
@elasticmachine
Contributor

Pinging @elastic/endpoint-app-team (Feature:Endpoint)

@elasticmachine
Contributor

Pinging @elastic/endpoint-management (Team:Endpoint Management)

@botelastic botelastic bot added the Team:Fleet Team label for Observability Data Collection Fleet team label Oct 15, 2020
@elasticmachine
Contributor

Pinging @elastic/ingest-management (Team:Ingest Management)

@@ -26,6 +26,7 @@ import {
migrateSettingsToV7100,
migrateAgentActionToV7100,
} from './migrations/to_v7_10_0';
import { migratePackagePolicyToV7110 } from './migrations/to_v7_11_0';
Contributor

Can this reside and be run outside Fleet? e.g. inside security?

It seems limited to Endpoint and I'd like to limit how much Fleet "knows" about the specifics of a package

Contributor

@kevinlog kevinlog Oct 15, 2020

we could store this file outside of Fleet, but doesn't the SO migration have to run as a part of the SO mapping definition? Or could we import a mapping in security and then add an additional migration?

EDIT:
agreed on the Endpoint-only nature, happy to look at other alternatives

import { PACKAGE_POLICY_SAVED_OBJECT_TYPE } from '../../../../../ingest_manager/common';
import { migratePackagePolicyToV7110 } from './to_v7_11.0';

export const packagePolicyType: SavedObjectsType = {
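Review bot: the import path `./to_v7_11.0` on the second line puts a dot in the version part of the file name, while the Fleet migration modules imported earlier in this PR are named `to_v7_10_0` and `to_v7_11_0`. Renaming the file to `to_v7_11_0` keeps one naming convention across migration modules and avoids a file name with a `.0` segment in front of the extension.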
Contributor

is it a problem that we define this here as well as in Ingest? If it is OK, should we import the mapping, clone it, and add our own migration? What happens if there are 2 migrations for 7.11? One in Ingest and one in Security?

cc @jfsiii @jen-huang

Contributor

judging from the test failures, it certainly looks like this is an issue

https://kibana-ci.elastic.co/job/elastic+kibana+pipeline-pull-request/82038/execution/node/636/log/

Contributor Author

hmmm so then should i just have the code for the migration in endpoint, but then add our migration line to the one in ingest for package policy saved objects then?

Contributor

hmmm so then should i just have the code for the migration in endpoint, but then add our migration line to the one in ingest for package policy saved objects then?

This seems like what needs to happen. We can't define a duplicate mapping for an existing SO. Unless there's a way that we import the SO mapping from ingest in our app and simply add another migration to it.

@jfsiii jfsiii self-requested a review October 20, 2020 14:42
Contributor

@jfsiii jfsiii left a comment

👍 🚀 Thanks for moving the migration to security_solution

Contributor

@jen-huang jen-huang left a comment

I would like to see another test case added but rest of migration code LGTM

import { PackagePolicy } from '../../../../../ingest_manager/common';
import { migratePackagePolicyToV7110 } from './to_v7_11.0';

describe('7.11.0 Endpoint Package Policy migration', () => {
Contributor

could you add another test case that ensures package policies are not modified for non-endpoint package policies?

Contributor Author

yesss will do!
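
The behaviour in the PR summary and the non-endpoint case requested above, as an added example that is not code from this PR or from Kibana. The document shape, the `windows`/`mac` and `popup.malware` keys, and the names `addMalwarePopup` and `newPolicyPopup` are assumptions, and the summary is read as "migrated policies get the field with notification off".

```typescript
// Assumed, simplified shapes; Kibana's real PackagePolicy type has more fields.
type MalwarePopup = { malware: { enabled: boolean; message: string } };
type OsPolicy = { malware: { mode: string }; popup?: MalwarePopup };
type EndpointPolicy = { windows?: OsPolicy; mac?: OsPolicy };
interface PolicyDoc {
  attributes: {
    package?: { name: string };
    inputs: Array<{ config?: { policy?: { value: EndpointPolicy } } }>;
  };
}

// A newly created policy starts with the notification switched on.
function newPolicyPopup(): MalwarePopup {
  return { malware: { enabled: true, message: '' } };
}

// Migration for stored documents (hypothetical name, not the PR's function).
function addMalwarePopup(doc: PolicyDoc): PolicyDoc {
  const out: PolicyDoc = JSON.parse(JSON.stringify(doc)); // never mutate the input
  if (out.attributes.package?.name !== 'endpoint') return out; // other packages untouched
  for (const input of out.attributes.inputs) {
    const policy = input.config?.policy?.value;
    if (!policy) continue;
    for (const os of ['windows', 'mac'] as const) {
      const osPolicy = policy[os];
      // Add the field switched off regardless of malware mode, and only when it is
      // absent, so a second run leaves the document unchanged.
      if (osPolicy && !osPolicy.popup) {
        osPolicy.popup = { malware: { enabled: false, message: '' } };
      }
    }
  }
  return out;
}

// Constructed sample documents (not taken from the PR).
const endpointDoc: PolicyDoc = {
  attributes: {
    package: { name: 'endpoint' },
    inputs: [{ config: { policy: { value: { windows: { malware: { mode: 'prevent' } } } } } }],
  },
};
// Same policy shape under another package name: the guard is the name, not the shape.
const otherDoc: PolicyDoc = {
  attributes: {
    package: { name: 'nginx' },
    inputs: [{ config: { policy: { value: { windows: { malware: { mode: 'detect' } } } } } }],
  },
};
```
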

Contributor

@paul-tavares paul-tavares left a comment

Some minor comments, but I'm good if you merge

describe('7.11.0 Endpoint Package Policy migration', () => {
const migration = migratePackagePolicyToV7110;
it('adds malware notification checkbox and optional message', () => {
const doc = {
Contributor

maybe add a Type to doc? so that if in the future the structure changes, we're reminded (error) to come revisit this.

import { cloneDeep } from 'lodash';
import { PackagePolicy } from '../../../../../ingest_manager/common';

export const migratePackagePolicyToV7110: SavedObjectMigrationFn<PackagePolicy, PackagePolicy> = (
Contributor

This is only used by server code correct?
perhaps it would be more appropriate to store it under ./server directory and have it exposed via ./server/index?

@nnamdifrankie what do you think? ⬆️

},
],
},
type: ' nested',
Contributor

small spacing typo here and on the rest of the type: lines in this file

@kibanamachine
Contributor

💚 Build Succeeded

Metrics [docs]

@kbn/optimizer bundle module count

id before after diff
securitySolution 2057 2058 +1

async chunks size

id before after diff
securitySolution 8.1MB 8.1MB +2.0KB

distributable file count

id before after diff
default 48035 48036 +1

page load bundle size

id before after diff
securitySolution 262.0KB 262.8KB +813.0B


@parkiino parkiino merged commit b4864ab into elastic:master Oct 21, 2020
@parkiino parkiino deleted the task/malware-user-notification branch October 21, 2020 02:42
parkiino added a commit that referenced this pull request Oct 21, 2020
…ox (#78084) (#81271)

includes migration for endpoint package policy 7.11