[security solution] only import beat_schema when needed (#78708)
Co-authored-by: spalger <spalger@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
3 people authored Sep 30, 2020
1 parent 82cad2c commit c9c30b0
Showing 2 changed files with 18 additions and 6 deletions.
Expand Up @@ -8,6 +8,7 @@ import { sortBy } from 'lodash/fp';

import { formatIndexFields, formatFirstFields, formatSecondFields, createFieldItem } from './index';
import { mockAuditbeatIndexField, mockFilebeatIndexField, mockPacketbeatIndexField } from './mock';
import { fieldsBeat as beatFields } from '../../utils/beat_schema/fields';

describe('Index Fields', () => {
describe('formatIndexFields', () => {
Expand All @@ -16,6 +17,7 @@ describe('Index Fields', () => {
sortBy(
'name',
await formatIndexFields(
beatFields,
[mockAuditbeatIndexField, mockFilebeatIndexField, mockPacketbeatIndexField],
['auditbeat', 'filebeat', 'packetbeat']
)
Expand Down Expand Up @@ -167,6 +169,7 @@ describe('Index Fields', () => {
describe('formatFirstFields', () => {
test('Basic functionality', async () => {
const fields = await formatFirstFields(
beatFields,
[mockAuditbeatIndexField, mockFilebeatIndexField, mockPacketbeatIndexField],
['auditbeat', 'filebeat', 'packetbeat']
);
Expand Down Expand Up @@ -749,6 +752,7 @@ describe('Index Fields', () => {
describe('createFieldItem', () => {
test('Basic functionality', () => {
const item = createFieldItem(
beatFields,
['auditbeat'],
{
name: '_id',
Expand Up @@ -12,14 +12,18 @@ import {
IndexFieldsStrategyResponse,
IndexField,
IndexFieldsStrategyRequest,
BeatFields,
} from '../../../common/search_strategy/index_fields';

import { fieldsBeat } from '../../utils/beat_schema/fields';

export const securitySolutionIndexFieldsProvider = (): ISearchStrategy<
IndexFieldsStrategyRequest,
IndexFieldsStrategyResponse
> => {
// require the fields once we actually need them, rather than ahead of time, and pass
// them to createFieldItem to reduce the amount of work done as much as possible
// eslint-disable-next-line @typescript-eslint/no-var-requires
const beatFields: BeatFields = require('../../utils/beat_schema/fields').fieldsBeat;

return {
search: async (context, request) => {
const { elasticsearch } = context.core;
Expand All @@ -41,6 +45,7 @@ export const securitySolutionIndexFieldsProvider = (): ISearchStrategy<

if (!request.onlyCheckIfIndicesExist) {
indexFields = await formatIndexFields(
beatFields,
responsesIndexFields.filter((rif) => rif !== false) as FieldDescriptor[][],
dedupeIndices
);
Expand Down Expand Up @@ -116,6 +121,7 @@ const missingFields: FieldDescriptor[] = [
* @param indexesAliasIdx The index within the alias
*/
export const createFieldItem = (
beatFields: BeatFields,
indexesAlias: string[],
index: FieldDescriptor,
indexesAliasIdx: number
Expand All @@ -126,7 +132,7 @@ export const createFieldItem = (
splitIndexName[splitIndexName.length - 1] === 'text'
? splitIndexName.slice(0, splitIndexName.length - 1).join('.')
: index.name;
const beatIndex = fieldsBeat[indexName] ?? {};
const beatIndex = beatFields[indexName] ?? {};
if (isEmpty(beatIndex.category)) {
beatIndex.category = splitIndexName[0];
}
Expand All @@ -151,6 +157,7 @@ export const createFieldItem = (
* @param indexesAlias The index aliases such as filebeat-*
*/
export const formatFirstFields = async (
beatFields: BeatFields,
responsesIndexFields: FieldDescriptor[][],
indexesAlias: string[]
): Promise<IndexField[]> => {
Expand All @@ -160,11 +167,11 @@ export const formatFirstFields = async (
responsesIndexFields.reduce(
(accumulator: IndexField[], indexFields: FieldDescriptor[], indexesAliasIdx: number) => {
missingFields.forEach((index) => {
const item = createFieldItem(indexesAlias, index, indexesAliasIdx);
const item = createFieldItem(beatFields, indexesAlias, index, indexesAliasIdx);
accumulator.push(item);
});
indexFields.forEach((index) => {
const item = createFieldItem(indexesAlias, index, indexesAliasIdx);
const item = createFieldItem(beatFields, indexesAlias, index, indexesAliasIdx);
accumulator.push(item);
});
return accumulator;
Expand Down Expand Up @@ -224,10 +231,11 @@ export const formatSecondFields = async (fields: IndexField[]): Promise<IndexFie
* @param indexesAlias The index alias
*/
export const formatIndexFields = async (
beatFields: BeatFields,
responsesIndexFields: FieldDescriptor[][],
indexesAlias: string[]
): Promise<IndexField[]> => {
const fields = await formatFirstFields(responsesIndexFields, indexesAlias);
const fields = await formatFirstFields(beatFields, responsesIndexFields, indexesAlias);
const secondFields = await formatSecondFields(fields);
return secondFields;
};
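Review bot: In `createFieldItem`, `beatFields[indexName]` is a plain property lookup keyed by a field name taken from the index mapping, and the `beatIndex.category = splitIndexName[0]` that follows writes to whatever that lookup returned. Now that the table is a caller-supplied argument, this mutates the caller's object whenever an entry has no `category`. If `BeatFields` is an ordinary object (its definition is not visible on this page), a field named `__proto__` or `constructor` would also resolve through the prototype chain, and the assignment would land on a shared built-in rather than on a fresh `{}`. I would restrict the lookup to own properties and work on a copy, e.g. `const beatIndex = Object.prototype.hasOwnProperty.call(beatFields, indexName) ? { ...beatFields[indexName] } : {};`. The body of `createFieldItem` starts and ends outside the hunk shown, so whether later lines depend on the in-place update should be confirmed.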
