Skip to content

Commit

Permalink
[8.16] [Security Solution] Skip isCustomized calculation when the fea…
Browse files Browse the repository at this point in the history
…ture flag is off (#201825) (#202751)

# Backport

This will backport the following commits from `main` to `8.16`:
- [[Security Solution] Skip isCustomized calculation when the feature
flag is off (#201825)](#201825)

<!--- Backport version: 8.9.8 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Dmitrii
Shevchenko","email":"dmitrii.shevchenko@elastic.co"},"sourceCommit":{"committedDate":"2024-12-03T12:11:24Z","message":"[Security
Solution] Skip isCustomized calculation when the feature flag is off
(#201825)\n\n**Resolves:
https://github.com/elastic/kibana/issues/201632**\r\n\r\n## Summary
\r\n\r\nWhen the rule customization feature flag is disabled, we should
always\r\nreturn `isCustomized: false`, regardless of any changes
introduced to a\r\nrule. This ensures that we do not accidentally mark
prebuilt rules as\r\ncustomized in 8.16 with the feature flag off. For
more details, refer to\r\nthe related issue:
https://github.com/elastic/kibana/issues/201632\r\n\r\n### Main Changes
\r\n\r\n- The primary change in this PR is encapsulated in
the\r\n`calculateIsCustomized` function\r\n- Other changes involve
passing the feature flag to this function\r\n- Added integration tests
to cover all API CRUD operations that can be\r\nperformed with
rules","sha":"22911c1828f40160cf3a2935300aec18c11b56e9","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:skip","v9.0.0","Team:Detections
and Resp","Team: SecuritySolution","Team:Detection Rule
Management","Feature:Prebuilt Detection
Rules","backport:version","v8.17.0","v8.18.0","v8.16.2"],"number":201825,"url":"https://github.com/elastic/kibana/pull/201825","mergeCommit":{"message":"[Security
Solution] Skip isCustomized calculation when the feature flag is off
(#201825)\n\n**Resolves:
https://github.com/elastic/kibana/issues/201632**\r\n\r\n## Summary
\r\n\r\nWhen the rule customization feature flag is disabled, we should
always\r\nreturn `isCustomized: false`, regardless of any changes
introduced to a\r\nrule. This ensures that we do not accidentally mark
prebuilt rules as\r\ncustomized in 8.16 with the feature flag off. For
more details, refer to\r\nthe related issue:
https://github.com/elastic/kibana/issues/201632\r\n\r\n### Main Changes
\r\n\r\n- The primary change in this PR is encapsulated in
the\r\n`calculateIsCustomized` function\r\n- Other changes involve
passing the feature flag to this function\r\n- Added integration tests
to cover all API CRUD operations that can be\r\nperformed with
rules","sha":"22911c1828f40160cf3a2935300aec18c11b56e9"}},"sourceBranch":"main","suggestedTargetBranches":["8.16"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","labelRegex":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/201825","number":201825,"mergeCommit":{"message":"[Security
Solution] Skip isCustomized calculation when the feature flag is off
(#201825)\n\n**Resolves:
https://github.com/elastic/kibana/issues/201632**\r\n\r\n## Summary
\r\n\r\nWhen the rule customization feature flag is disabled, we should
always\r\nreturn `isCustomized: false`, regardless of any changes
introduced to a\r\nrule. This ensures that we do not accidentally mark
prebuilt rules as\r\ncustomized in 8.16 with the feature flag off. For
more details, refer to\r\nthe related issue:
https://github.com/elastic/kibana/issues/201632\r\n\r\n### Main Changes
\r\n\r\n- The primary change in this PR is encapsulated in
the\r\n`calculateIsCustomized` function\r\n- Other changes involve
passing the feature flag to this function\r\n- Added integration tests
to cover all API CRUD operations that can be\r\nperformed with
rules","sha":"22911c1828f40160cf3a2935300aec18c11b56e9"}},{"branch":"8.17","label":"v8.17.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/202696","number":202696,"state":"MERGED","mergeCommit":{"sha":"487149e077e61341f81c871b74f36a9e20df67c0","message":"[8.17]
[Security Solution] Skip isCustomized calculation when the feature flag
is off (#201825) (#202696)\n\n# Backport\n\nThis will backport the
following commits from `main` to `8.17`:\n- [[Security Solution] Skip
isCustomized calculation when the feature\nflag is off
(#201825)](https://github.com/elastic/kibana/pull/201825)\n\n<!---
Backport version: 9.4.3 -->\n\n### Questions ?\nPlease refer to the
[Backport
tool\ndocumentation](https://github.com/sqren/backport)\n\n<!--BACKPORT
[{\"author\":{\"name\":\"Dmitrii\nShevchenko\",\"email\":\"dmitrii.shevchenko@elastic.co\"},\"sourceCommit\":{\"committedDate\":\"2024-12-03T12:11:24Z\",\"message\":\"[Security\nSolution]
Skip isCustomized calculation when the feature flag is
off\n(#201825)\\n\\n**Resolves:\nhttps://github.com//issues/201632**\\r\\n\\r\\n##
Summary\n\\r\\n\\r\\nWhen the rule customization feature flag is
disabled, we should\nalways\\r\\nreturn `isCustomized: false`,
regardless of any changes\nintroduced to a\\r\\nrule. This ensures that
we do not accidentally mark\nprebuilt rules as\\r\\ncustomized in 8.16
with the feature flag off. For\nmore details, refer to\\r\\nthe related
issue:\nhttps://github.com//issues/201632\\r\\n\\r\\n###
Main Changes\n\\r\\n\\r\\n- The primary change in this PR is
encapsulated in\nthe\\r\\n`calculateIsCustomized` function\\r\\n- Other
changes involve\npassing the feature flag to this function\\r\\n- Added
integration tests\nto cover all API CRUD operations that can
be\\r\\nperformed
with\nrules\",\"sha\":\"22911c1828f40160cf3a2935300aec18c11b56e9\",\"branchLabelMapping\":{\"^v9.0.0$\":\"main\",\"^v8.18.0$\":\"8.x\",\"^v(\\\\d+).(\\\\d+).\\\\d+$\":\"$1.$2\"}},\"sourcePullRequest\":{\"labels\":[\"bug\",\"release_note:skip\",\"v9.0.0\",\"Team:Detections\nand
Resp\",\"Team: SecuritySolution\",\"Team:Detection
Rule\nManagement\",\"Feature:Prebuilt
Detection\nRules\",\"backport:version\",\"v8.17.0\",\"v8.18.0\",\"v8.16.2\"],\"title\":\"[Security\nSolution]
Skip isCustomized calculation when the feature flag
is\noff\",\"number\":201825,\"url\":\"https://github.com/elastic/kibana/pull/201825\",\"mergeCommit\":{\"message\":\"[Security\nSolution]
Skip isCustomized calculation when the feature flag is
off\n(#201825)\\n\\n**Resolves:\nhttps://github.com//issues/201632**\\r\\n\\r\\n##
Summary\n\\r\\n\\r\\nWhen the rule customization feature flag is
disabled, we should\nalways\\r\\nreturn `isCustomized: false`,
regardless of any changes\nintroduced to a\\r\\nrule. This ensures that
we do not accidentally mark\nprebuilt rules as\\r\\ncustomized in 8.16
with the feature flag off. For\nmore details, refer to\\r\\nthe related
issue:\nhttps://github.com//issues/201632\\r\\n\\r\\n###
Main Changes\n\\r\\n\\r\\n- The primary change in this PR is
encapsulated in\nthe\\r\\n`calculateIsCustomized` function\\r\\n- Other
changes involve\npassing the feature flag to this function\\r\\n- Added
integration tests\nto cover all API CRUD operations that can
be\\r\\nperformed
with\nrules\",\"sha\":\"22911c1828f40160cf3a2935300aec18c11b56e9\"}},\"sourceBranch\":\"main\",\"suggestedTargetBranches\":[\"8.17\",\"8.x\",\"8.16\"],\"targetPullRequestStates\":[{\"branch\":\"main\",\"label\":\"v9.0.0\",\"branchLabelMappingKey\":\"^v9.0.0$\",\"isSourceBranch\":true,\"state\":\"MERGED\",\"url\":\"https://github.com/elastic/kibana/pull/201825\",\"number\":201825,\"mergeCommit\":{\"message\":\"[Security\nSolution]
Skip isCustomized calculation when the feature flag is
off\n(#201825)\\n\\n**Resolves:\nhttps://github.com//issues/201632**\\r\\n\\r\\n##
Summary\n\\r\\n\\r\\nWhen the rule customization feature flag is
disabled, we should\nalways\\r\\nreturn `isCustomized: false`,
regardless of any changes\nintroduced to a\\r\\nrule. This ensures that
we do not accidentally mark\nprebuilt rules as\\r\\ncustomized in 8.16
with the feature flag off. For\nmore details, refer to\\r\\nthe related
issue:\nhttps://github.com//issues/201632\\r\\n\\r\\n###
Main Changes\n\\r\\n\\r\\n- The primary change in this PR is
encapsulated in\nthe\\r\\n`calculateIsCustomized` function\\r\\n- Other
changes involve\npassing the feature flag to this function\\r\\n- Added
integration tests\nto cover all API CRUD operations that can
be\\r\\nperformed
with\nrules\",\"sha\":\"22911c1828f40160cf3a2935300aec18c11b56e9\"}},{\"branch\":\"8.17\",\"label\":\"v8.17.0\",\"branchLabelMappingKey\":\"^v(\\\\d+).(\\\\d+).\\\\d+$\",\"isSourceBranch\":false,\"state\":\"NOT_CREATED\"},{\"branch\":\"8.x\",\"label\":\"v8.18.0\",\"branchLabelMappingKey\":\"^v8.18.0$\",\"isSourceBranch\":false,\"state\":\"NOT_CREATED\"},{\"branch\":\"8.16\",\"label\":\"v8.16.2\",\"branchLabelMappingKey\":\"^v(\\\\d+).(\\\\d+).\\\\d+$\",\"isSourceBranch\":false,\"state\":\"NOT_CREATED\"}]}]\nBACKPORT-->\n\nCo-authored-by:
Dmitrii Shevchenko
<dmitrii.shevchenko@elastic.co>"}},{"branch":"8.x","label":"v8.18.0","labelRegex":"^v8.18.0$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/202697","number":202697,"state":"MERGED","mergeCommit":{"sha":"8c9181aa48796a8467e38ad1431238ebaa78de7e","message":"[8.x]
[Security Solution] Skip isCustomized calculation when the feature flag
is off (#201825) (#202697)\n\n# Backport\n\nThis will backport the
following commits from `main` to `8.x`:\n- [[Security Solution] Skip
isCustomized calculation when the feature\nflag is off
(#201825)](https://github.com/elastic/kibana/pull/201825)\n\n<!---
Backport version: 9.4.3 -->\n\n### Questions ?\nPlease refer to the
[Backport
tool\ndocumentation](https://github.com/sqren/backport)\n\n<!--BACKPORT
[{\"author\":{\"name\":\"Dmitrii\nShevchenko\",\"email\":\"dmitrii.shevchenko@elastic.co\"},\"sourceCommit\":{\"committedDate\":\"2024-12-03T12:11:24Z\",\"message\":\"[Security\nSolution]
Skip isCustomized calculation when the feature flag is
off\n(#201825)\\n\\n**Resolves:\nhttps://github.com//issues/201632**\\r\\n\\r\\n##
Summary\n\\r\\n\\r\\nWhen the rule customization feature flag is
disabled, we should\nalways\\r\\nreturn `isCustomized: false`,
regardless of any changes\nintroduced to a\\r\\nrule. This ensures that
we do not accidentally mark\nprebuilt rules as\\r\\ncustomized in 8.16
with the feature flag off. For\nmore details, refer to\\r\\nthe related
issue:\nhttps://github.com//issues/201632\\r\\n\\r\\n###
Main Changes\n\\r\\n\\r\\n- The primary change in this PR is
encapsulated in\nthe\\r\\n`calculateIsCustomized` function\\r\\n- Other
changes involve\npassing the feature flag to this function\\r\\n- Added
integration tests\nto cover all API CRUD operations that can
be\\r\\nperformed
with\nrules\",\"sha\":\"22911c1828f40160cf3a2935300aec18c11b56e9\",\"branchLabelMapping\":{\"^v9.0.0$\":\"main\",\"^v8.18.0$\":\"8.x\",\"^v(\\\\d+).(\\\\d+).\\\\d+$\":\"$1.$2\"}},\"sourcePullRequest\":{\"labels\":[\"bug\",\"release_note:skip\",\"v9.0.0\",\"Team:Detections\nand
Resp\",\"Team: SecuritySolution\",\"Team:Detection
Rule\nManagement\",\"Feature:Prebuilt
Detection\nRules\",\"backport:version\",\"v8.17.0\",\"v8.18.0\",\"v8.16.2\"],\"title\":\"[Security\nSolution]
Skip isCustomized calculation when the feature flag
is\noff\",\"number\":201825,\"url\":\"https://github.com/elastic/kibana/pull/201825\",\"mergeCommit\":{\"message\":\"[Security\nSolution]
Skip isCustomized calculation when the feature flag is
off\n(#201825)\\n\\n**Resolves:\nhttps://github.com//issues/201632**\\r\\n\\r\\n##
Summary\n\\r\\n\\r\\nWhen the rule customization feature flag is
disabled, we should\nalways\\r\\nreturn `isCustomized: false`,
regardless of any changes\nintroduced to a\\r\\nrule. This ensures that
we do not accidentally mark\nprebuilt rules as\\r\\ncustomized in 8.16
with the feature flag off. For\nmore details, refer to\\r\\nthe related
issue:\nhttps://github.com//issues/201632\\r\\n\\r\\n###
Main Changes\n\\r\\n\\r\\n- The primary change in this PR is
encapsulated in\nthe\\r\\n`calculateIsCustomized` function\\r\\n- Other
changes involve\npassing the feature flag to this function\\r\\n- Added
integration tests\nto cover all API CRUD operations that can
be\\r\\nperformed
with\nrules\",\"sha\":\"22911c1828f40160cf3a2935300aec18c11b56e9\"}},\"sourceBranch\":\"main\",\"suggestedTargetBranches\":[\"8.17\",\"8.x\",\"8.16\"],\"targetPullRequestStates\":[{\"branch\":\"main\",\"label\":\"v9.0.0\",\"branchLabelMappingKey\":\"^v9.0.0$\",\"isSourceBranch\":true,\"state\":\"MERGED\",\"url\":\"https://github.com/elastic/kibana/pull/201825\",\"number\":201825,\"mergeCommit\":{\"message\":\"[Security\nSolution]
Skip isCustomized calculation when the feature flag is
off\n(#201825)\\n\\n**Resolves:\nhttps://github.com//issues/201632**\\r\\n\\r\\n##
Summary\n\\r\\n\\r\\nWhen the rule customization feature flag is
disabled, we should\nalways\\r\\nreturn `isCustomized: false`,
regardless of any changes\nintroduced to a\\r\\nrule. This ensures that
we do not accidentally mark\nprebuilt rules as\\r\\ncustomized in 8.16
with the feature flag off. For\nmore details, refer to\\r\\nthe related
issue:\nhttps://github.com//issues/201632\\r\\n\\r\\n###
Main Changes\n\\r\\n\\r\\n- The primary change in this PR is
encapsulated in\nthe\\r\\n`calculateIsCustomized` function\\r\\n- Other
changes involve\npassing the feature flag to this function\\r\\n- Added
integration tests\nto cover all API CRUD operations that can
be\\r\\nperformed
with\nrules\",\"sha\":\"22911c1828f40160cf3a2935300aec18c11b56e9\"}},{\"branch\":\"8.17\",\"label\":\"v8.17.0\",\"branchLabelMappingKey\":\"^v(\\\\d+).(\\\\d+).\\\\d+$\",\"isSourceBranch\":false,\"state\":\"NOT_CREATED\"},{\"branch\":\"8.x\",\"label\":\"v8.18.0\",\"branchLabelMappingKey\":\"^v8.18.0$\",\"isSourceBranch\":false,\"state\":\"NOT_CREATED\"},{\"branch\":\"8.16\",\"label\":\"v8.16.2\",\"branchLabelMappingKey\":\"^v(\\\\d+).(\\\\d+).\\\\d+$\",\"isSourceBranch\":false,\"state\":\"NOT_CREATED\"}]}]\nBACKPORT-->\n\nCo-authored-by:
Dmitrii Shevchenko
<dmitrii.shevchenko@elastic.co>"}},{"branch":"8.16","label":"v8.16.2","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->
  • Loading branch information
xcrzx authored Dec 4, 2024
1 parent e21bfd6 commit e2eaf0c
Show file tree
Hide file tree
Showing 33 changed files with 586 additions and 34 deletions.
3 changes: 2 additions & 1 deletion .buildkite/ftr_security_serverless_configs.yml
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,8 @@ disabled:
- x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/large_prebuilt_rules_package/trial_license_complete_tier/configs/serverless.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/configs/serverless.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/update_prebuilt_rules_package/trial_license_complete_tier/configs/serverless.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/trial_license_complete_tier/configs/serverless.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/configs/serverless.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/serverless.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/configs/serverless.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/configs/serverless.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/configs/serverless.config.ts
Expand Down
3 changes: 2 additions & 1 deletion .buildkite/ftr_security_stateful_configs.yml
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,8 @@ enabled:
- x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/large_prebuilt_rules_package/trial_license_complete_tier/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/update_prebuilt_rules_package/trial_license_complete_tier/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/trial_license_complete_tier/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/configs/ess.config.ts
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -92,14 +92,20 @@ export const bulkEditRules = async ({
params: modifiedParams,
};
const ruleResponse = convertAlertingRuleToRuleResponse(updatedRule);
let isCustomized = false;
if (ruleResponse.immutable === true) {
isCustomized = calculateIsCustomized({
baseRule: baseVersionsMap.get(ruleResponse.rule_id),
nextRule: ruleResponse,
isRuleCustomizationEnabled: experimentalFeatures.prebuiltRulesCustomizationEnabled,
});
}

const ruleSource =
ruleResponse.immutable === true
? {
type: 'external' as const,
isCustomized: calculateIsCustomized(
baseVersionsMap.get(ruleResponse.rule_id),
ruleResponse
),
isCustomized,
}
: {
type: 'internal' as const,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,7 @@ describe('DetectionRulesClient.createCustomRule', () => {
rulesClient,
mlAuthz,
savedObjectsClient,
isRuleCustomizationEnabled: true,
});
});

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,7 @@ describe('DetectionRulesClient.createPrebuiltRule', () => {
rulesClient,
mlAuthz,
savedObjectsClient,
isRuleCustomizationEnabled: true,
});
});

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@ describe('DetectionRulesClient.deleteRule', () => {
rulesClient,
mlAuthz,
savedObjectsClient,
isRuleCustomizationEnabled: true,
});
});

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,7 @@ describe('DetectionRulesClient.importRule', () => {
rulesClient,
mlAuthz,
savedObjectsClient,
isRuleCustomizationEnabled: true,
});
});

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,7 @@ describe('DetectionRulesClient.patchRule', () => {
rulesClient,
mlAuthz,
savedObjectsClient,
isRuleCustomizationEnabled: true,
});
});

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -35,13 +35,15 @@ interface DetectionRulesClientParams {
rulesClient: RulesClient;
savedObjectsClient: SavedObjectsClientContract;
mlAuthz: MlAuthz;
isRuleCustomizationEnabled: boolean;
}

export const createDetectionRulesClient = ({
actionsClient,
rulesClient,
mlAuthz,
savedObjectsClient,
isRuleCustomizationEnabled,
}: DetectionRulesClientParams): IDetectionRulesClient => {
const prebuiltRuleAssetClient = createPrebuiltRuleAssetsClient(savedObjectsClient);

Expand Down Expand Up @@ -86,6 +88,7 @@ export const createDetectionRulesClient = ({
prebuiltRuleAssetClient,
mlAuthz,
ruleUpdate,
isRuleCustomizationEnabled,
});
});
},
Expand All @@ -98,6 +101,7 @@ export const createDetectionRulesClient = ({
prebuiltRuleAssetClient,
mlAuthz,
rulePatch,
isRuleCustomizationEnabled,
});
});
},
Expand All @@ -116,6 +120,7 @@ export const createDetectionRulesClient = ({
ruleAsset,
mlAuthz,
prebuiltRuleAssetClient,
isRuleCustomizationEnabled,
});
});
},
Expand All @@ -128,6 +133,7 @@ export const createDetectionRulesClient = ({
importRulePayload: args,
mlAuthz,
prebuiltRuleAssetClient,
isRuleCustomizationEnabled,
});
});
},
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,7 @@ describe('DetectionRulesClient.updateRule', () => {
rulesClient,
mlAuthz,
savedObjectsClient,
isRuleCustomizationEnabled: true,
});
});

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,7 @@ describe('DetectionRulesClient.upgradePrebuiltRule', () => {
rulesClient,
mlAuthz,
savedObjectsClient,
isRuleCustomizationEnabled: true,
});
});

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,7 @@ describe('applyRulePatch', () => {
rulePatch,
existingRule,
prebuiltRuleAssetClient,
isRuleCustomizationEnabled: true,
});
expect(patchedRule).toEqual(
expect.objectContaining({
Expand Down Expand Up @@ -65,6 +66,7 @@ describe('applyRulePatch', () => {
rulePatch,
existingRule,
prebuiltRuleAssetClient,
isRuleCustomizationEnabled: true,
});
expect(patchedRule).toEqual(
expect.objectContaining({
Expand Down Expand Up @@ -94,6 +96,7 @@ describe('applyRulePatch', () => {
rulePatch,
existingRule,
prebuiltRuleAssetClient,
isRuleCustomizationEnabled: true,
})
).rejects.toThrowError(
'event_category_override: Expected string, received number, tiebreaker_field: Expected string, received number, timestamp_field: Expected string, received number'
Expand All @@ -119,6 +122,7 @@ describe('applyRulePatch', () => {
rulePatch,
existingRule,
prebuiltRuleAssetClient,
isRuleCustomizationEnabled: true,
})
).rejects.toThrowError('alert_suppression.group_by: Expected array, received string');
});
Expand All @@ -134,6 +138,7 @@ describe('applyRulePatch', () => {
rulePatch,
existingRule,
prebuiltRuleAssetClient,
isRuleCustomizationEnabled: true,
});
expect(patchedRule).toEqual(
expect.objectContaining({
Expand All @@ -154,6 +159,7 @@ describe('applyRulePatch', () => {
rulePatch,
existingRule,
prebuiltRuleAssetClient,
isRuleCustomizationEnabled: true,
})
).rejects.toThrowError(
'threat_query: Expected string, received number, threat_indicator_path: Expected string, received number'
Expand All @@ -170,6 +176,7 @@ describe('applyRulePatch', () => {
rulePatch,
existingRule,
prebuiltRuleAssetClient,
isRuleCustomizationEnabled: true,
});
expect(patchedRule).toEqual(
expect.objectContaining({
Expand All @@ -190,6 +197,7 @@ describe('applyRulePatch', () => {
rulePatch,
existingRule,
prebuiltRuleAssetClient,
isRuleCustomizationEnabled: true,
})
).rejects.toThrowError(
"index.0: Expected string, received number, language: Invalid enum value. Expected 'kuery' | 'lucene', received 'non-language'"
Expand All @@ -206,6 +214,7 @@ describe('applyRulePatch', () => {
rulePatch,
existingRule,
prebuiltRuleAssetClient,
isRuleCustomizationEnabled: true,
});
expect(patchedRule).toEqual(
expect.objectContaining({
Expand All @@ -226,6 +235,7 @@ describe('applyRulePatch', () => {
rulePatch,
existingRule,
prebuiltRuleAssetClient,
isRuleCustomizationEnabled: true,
})
).rejects.toThrowError(
"index.0: Expected string, received number, language: Invalid enum value. Expected 'kuery' | 'lucene', received 'non-language'"
Expand All @@ -244,6 +254,7 @@ describe('applyRulePatch', () => {
rulePatch,
existingRule,
prebuiltRuleAssetClient,
isRuleCustomizationEnabled: true,
});
expect(patchedRule).toEqual(
expect.objectContaining({
Expand All @@ -268,6 +279,7 @@ describe('applyRulePatch', () => {
rulePatch,
existingRule,
prebuiltRuleAssetClient,
isRuleCustomizationEnabled: true,
})
).rejects.toThrowError('threshold.value: Expected number, received string');
});
Expand All @@ -285,6 +297,7 @@ describe('applyRulePatch', () => {
rulePatch,
existingRule,
prebuiltRuleAssetClient,
isRuleCustomizationEnabled: true,
});
expect(patchedRule).toEqual(
expect.objectContaining({
Expand All @@ -308,6 +321,7 @@ describe('applyRulePatch', () => {
rulePatch,
existingRule,
prebuiltRuleAssetClient,
isRuleCustomizationEnabled: true,
});
expect(patchedRule).toEqual(
expect.objectContaining({
Expand All @@ -330,6 +344,7 @@ describe('applyRulePatch', () => {
rulePatch,
existingRule,
prebuiltRuleAssetClient,
isRuleCustomizationEnabled: true,
});
expect(patchedRule).toEqual(
expect.objectContaining({
Expand All @@ -354,6 +369,7 @@ describe('applyRulePatch', () => {
rulePatch,
existingRule,
prebuiltRuleAssetClient,
isRuleCustomizationEnabled: true,
});
expect(patchedRule).toEqual(
expect.objectContaining({
Expand All @@ -376,6 +392,7 @@ describe('applyRulePatch', () => {
rulePatch,
existingRule,
prebuiltRuleAssetClient,
isRuleCustomizationEnabled: true,
});
expect(patchedRule).toEqual(
expect.objectContaining({
Expand All @@ -394,6 +411,7 @@ describe('applyRulePatch', () => {
rulePatch,
existingRule,
prebuiltRuleAssetClient,
isRuleCustomizationEnabled: true,
})
).rejects.toThrowError('anomaly_threshold: Expected number, received string');
});
Expand All @@ -410,6 +428,7 @@ describe('applyRulePatch', () => {
rulePatch,
existingRule,
prebuiltRuleAssetClient,
isRuleCustomizationEnabled: true,
});

expect(patchedRule).toEqual(
Expand All @@ -432,6 +451,7 @@ describe('applyRulePatch', () => {
rulePatch,
existingRule,
prebuiltRuleAssetClient,
isRuleCustomizationEnabled: true,
});
expect(patchedRule).toEqual(
expect.objectContaining({
Expand All @@ -450,6 +470,7 @@ describe('applyRulePatch', () => {
rulePatch,
existingRule,
prebuiltRuleAssetClient,
isRuleCustomizationEnabled: true,
})
).rejects.toThrowError('new_terms_fields: Expected array, received string');
});
Expand All @@ -472,6 +493,7 @@ describe('applyRulePatch', () => {
rulePatch,
existingRule,
prebuiltRuleAssetClient,
isRuleCustomizationEnabled: true,
});
expect(patchedRule).toEqual(
expect.objectContaining({
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -51,13 +51,15 @@ interface ApplyRulePatchProps {
prebuiltRuleAssetClient: IPrebuiltRuleAssetsClient;
existingRule: RuleResponse;
rulePatch: PatchRuleRequestBody;
isRuleCustomizationEnabled: boolean;
}

// eslint-disable-next-line complexity
export const applyRulePatch = async ({
rulePatch,
existingRule,
prebuiltRuleAssetClient,
isRuleCustomizationEnabled,
}: ApplyRulePatchProps): Promise<RuleResponse> => {
const typeSpecificParams = patchTypeSpecificParams(rulePatch, existingRule);

Expand Down Expand Up @@ -122,6 +124,7 @@ export const applyRulePatch = async ({
nextRule.rule_source = await calculateRuleSource({
rule: nextRule,
prebuiltRuleAssetClient,
isRuleCustomizationEnabled,
});

return nextRule;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,12 +17,14 @@ interface ApplyRuleUpdateProps {
prebuiltRuleAssetClient: IPrebuiltRuleAssetsClient;
existingRule: RuleResponse;
ruleUpdate: RuleUpdateProps;
isRuleCustomizationEnabled: boolean;
}

export const applyRuleUpdate = async ({
prebuiltRuleAssetClient,
existingRule,
ruleUpdate,
isRuleCustomizationEnabled,
}: ApplyRuleUpdateProps): Promise<RuleResponse> => {
const nextRule: RuleResponse = {
...applyRuleDefaults(ruleUpdate),
Expand All @@ -46,6 +48,7 @@ export const applyRuleUpdate = async ({
nextRule.rule_source = await calculateRuleSource({
rule: nextRule,
prebuiltRuleAssetClient,
isRuleCustomizationEnabled,
});

return nextRule;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,10 +12,22 @@ import { calculateRuleFieldsDiff } from '../../../../../prebuilt_rules/logic/dif
import { convertRuleToDiffable } from '../../../../../../../../common/detection_engine/prebuilt_rules/diff/convert_rule_to_diffable';
import { convertPrebuiltRuleAssetToRuleResponse } from '../../converters/convert_prebuilt_rule_asset_to_rule_response';

export function calculateIsCustomized(
baseRule: PrebuiltRuleAsset | undefined,
nextRule: RuleResponse
) {
interface CalculateIsCustomizedArgs {
baseRule: PrebuiltRuleAsset | undefined;
nextRule: RuleResponse;
isRuleCustomizationEnabled: boolean;
}

export function calculateIsCustomized({
baseRule,
nextRule,
isRuleCustomizationEnabled,
}: CalculateIsCustomizedArgs) {
if (!isRuleCustomizationEnabled) {
// We don't want to accidentally mark rules as customized when customization is disabled.
return false;
}

if (baseRule == null) {
// If the base version is missing, we consider the rule to be customized
return true;
Expand Down
Loading

0 comments on commit e2eaf0c

Please sign in to comment.