Show required field mappings only for enabled rules (#418)

* show required field mappings only for enabled rules

Signed-off-by: Amardeepsingh Siglani <[email protected]>

* updated mock custom rule to match mapping in backend

Signed-off-by: Amardeepsingh Siglani <[email protected]>

---------

Signed-off-by: Amardeepsingh Siglani <[email protected]>
(cherry picked from commit 1bbc4c5)

cypress/fixtures/integration_tests/rule/create_dns_rule.json

@@ -16,7 +16,7 @@
     }
   ],
   "log_source": "",
-  "detection": "selection:\n  DnsQuestionName:\n    - QWE\n    - ASD\n    - YXC\ncondition: selection",
+  "detection": "selection:\n  query:\n    - QWE\n    - ASD\n    - YXC\ncondition: selection",
   "level": "low",
   "false_positives": [
     {

cypress/integration/1_detectors.spec.js

@@ -6,7 +6,6 @@
 import { OPENSEARCH_DASHBOARDS_URL } from '../support/constants';
 import sample_index_settings from '../fixtures/sample_index_settings.json';
 import dns_rule_data from '../fixtures/integration_tests/rule/create_dns_rule.json';
-import sample_dns_settings from '../fixtures/integration_tests/index/create_dns_settings.json';
 
 const testMappings = {
   properties: {

public/pages/CreateDetector/components/ConfigureFieldMapping/containers/ConfigureFieldMapping.tsx

@@ -23,6 +23,7 @@ import { DetectorCreationStep } from '../../../models/types';
 import { GetFieldMappingViewResponse } from '../../../../../../server/models/interfaces';
 import FieldMappingService from '../../../../../services/FieldMappingService';
 import { MappingViewType } from '../components/RequiredFieldMapping/FieldMappingsTable';
+import { CreateDetectorRulesState } from '../../DefineDetector/components/DetectionRules/DetectionRules';
 
 export interface ruleFieldToIndexFieldMap {
   [fieldName: string]: string;
@@ -32,10 +33,11 @@ interface ConfigureFieldMappingProps extends RouteComponentProps {
   isEdit: boolean;
   detector: Detector;
   filedMappingService: FieldMappingService;
-  replaceFieldMappings: (mappings: FieldMapping[]) => void;
   fieldMappings: FieldMapping[];
-  updateDataValidState: (step: DetectorCreationStep, isValid: boolean) => void;
   loading: boolean;
+  enabledRules: CreateDetectorRulesState['allRules'];
+  updateDataValidState: (step: DetectorCreationStep, isValid: boolean) => void;
+  replaceFieldMappings: (mappings: FieldMapping[]) => void;
 }
 
 interface ConfigureFieldMappingState {
@@ -67,6 +69,17 @@ export default class ConfigureFieldMapping extends Component<
     this.getAllMappings();
   };
 
+  private getRuleFieldsForEnabledRules(): Set<string> {
+    const ruleFieldsForEnabledRules = new Set<string>();
+    this.props.enabledRules.forEach((rule) => {
+      rule._source.query_field_names.forEach((fieldname) => {
+        ruleFieldsForEnabledRules.add(fieldname.value);
+      });
+    });
+
+    return ruleFieldsForEnabledRules;
+  }
+
   getAllMappings = async () => {
     this.setState({ loading: true });
     const mappingsView = await this.props.filedMappingService.getMappingsView(
@@ -75,14 +88,31 @@ export default class ConfigureFieldMapping extends Component<
     );
     if (mappingsView.ok) {
       const existingMappings = { ...this.state.createdMappings };
+      const ruleFieldsForEnabledRules = this.getRuleFieldsForEnabledRules();
+      const unmappedRuleFields = new Set(mappingsView.response.unmapped_field_aliases);
+
       Object.keys(mappingsView.response.properties).forEach((ruleFieldName) => {
+        // Filter the mappings view to include only the rule fields for the enabled rules
+        if (!ruleFieldsForEnabledRules.has(ruleFieldName)) {
+          delete mappingsView.response.properties[ruleFieldName];
+          return;
+        }
+
         existingMappings[ruleFieldName] =
           this.state.createdMappings[ruleFieldName] ||
           mappingsView.response.properties[ruleFieldName].path;
       });
+      mappingsView.response.unmapped_field_aliases?.forEach((ruleFieldName) => {
+        if (!ruleFieldsForEnabledRules.has(ruleFieldName)) {
+          unmappedRuleFields.delete(ruleFieldName);
+        }
+      });
       this.setState({
         createdMappings: existingMappings,
-        mappingsData: mappingsView.response,
+        mappingsData: {
+          ...mappingsView.response,
+          unmapped_field_aliases: Array.from(unmappedRuleFields),
+        },
       });
       this.updateMappingSharedState(existingMappings);
     }

public/pages/CreateDetector/components/DefineDetector/components/DetectionRules/DetectionRules.tsx

@@ -60,6 +60,7 @@ export const DetectionRules: React.FC<DetectionRulesProps> = ({
         logType: rule._source.category,
         name: rule._source.title,
         severity: rule._source.level,
+        ruleInfo: rule,
       })),
     [rulesState.allRules]
   );

public/pages/CreateDetector/containers/CreateDetector.tsx

@@ -349,6 +349,7 @@ export default class CreateDetector extends Component<CreateDetectorProps, Creat
             loading={false}
             filedMappingService={services.fieldMappingService}
             fieldMappings={this.state.fieldMappings}
+            enabledRules={this.state.rulesState.allRules.filter((rule) => rule.enabled)}
             replaceFieldMappings={this.replaceFieldMappings}
             updateDataValidState={this.updateDataValidState}
           />

server/models/interfaces/Rules.ts

@@ -68,4 +68,5 @@ export type RuleSource = Rule & {
   rule: string;
   last_update_time: string;
   queries: { value: string }[];
+  query_field_names: { value: string }[];
 };