[Security Solution][Detections] Convert EQL validation to use search strategy #79538
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
These are the same types with a different name. However, the benefit is that they exist in a non-restricted path (the top level of the plugin).
Rather than calling our custom EQL validation endpoint, we can instead leverage the EQL search strategy. The downside is that we have to move our response parsing logic to the frontend, but the benefit is that there's no backend to maintain.
We're keeping our io-ts schemas for now since they're still being used to type the I/O of our client function.
I'm not aware of a way to pass react context to the form lib validator functions, so for now we have to pass this the ugly way :(
We were keeping these around for the types, but they're so simple that it's really not worth the overhead. The tests are similarly for functionality that is no longer used, so no hard feelings there.
We only care about the query's validity, so we can tell the response handler to do less work here.
Without passing transport options to .get, a query with an `ignore` would succeed if it completed in the `waitForCompletionTimeout` window, but fail (with the ignored error) on the subsequent request if it became async.
rylnd
added
Team:SIEM
v8.0.0
release_note:skip
|
Pinging @elastic/siem (Team:SIEM) |
Common values cannot be consumed directly by client code (compilation error), so we need to re-export them from data_enhanced's public module.
peluja1012
approved these changes
Oct 6, 2020
spong
reviewed
Oct 6, 2020
| @@ -4,8 +4,7 @@ | |||
| * you may not use this file except in compliance with the Elastic License. | |||
| */ | |||
|
|
|||
| import get from 'lodash/get'; | |||
| import has from 'lodash/has'; | |||
| import { get, has } from 'lodash'; | |||
spong
approved these changes
Oct 6, 2020
Conflicts: x-pack/plugins/security_solution/public/common/hooks/eql/api.ts x-pack/plugins/security_solution/server/lib/detection_engine/routes/__mocks__/request_responses.ts
💚 Build SucceededMetrics [docs]@kbn/optimizer bundle module count
async chunks size
distributable file count
page load bundle size
History
To update your PR or re-run it, just comment with: |
spong
pushed a commit
that referenced
this pull request
Oct 7, 2020
…strategy (#79538) (#79806) * Rename types from the top-level plugin These are the same types with a different name. However, the benefit is that they exist in a non-restricted path (the top level of the plugin). * Convert our validation function to use the EQL search strategy Rather than calling our custom EQL validation endpoint, we can instead leverage the EQL search strategy. The downside is that we have to move our response parsing logic to the frontend, but the benefit is that there's no backend to maintain. * Remove server code related to our EQL validation endpoint We're keeping our io-ts schemas for now since they're still being used to type the I/O of our client function. * Add the data contract to our KibanaServices I'm not aware of a way to pass react context to the form lib validator functions, so for now we have to pass this the ugly way :( * Remove io-ts types corresponding to our defunct validation endpoint We were keeping these around for the types, but they're so simple that it's really not worth the overhead. The tests are similarly for functionality that is no longer used, so no hard feelings there. * Ensure that our validation does not bother generating hits We only care about the query's validity, so we can tell the response handler to do less work here. * Pass transport options when retrieving an existing search Without passing transport options to .get, a query with an `ignore` would succeed if it completed in the `waitForCompletionTimeout` window, but fail (with the ignored error) on the subsequent request if it became async. * Use constant for our strategy key * Export search strategy constants for client consumption Common values cannot be consumed directly by client code (compilation error), so we need to re-export them from data_enhanced's public module.
MindyRS
added
the
Team: SecuritySolution
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
common, as that's now done on the clientChecklist
For maintainers