[Security Solution][Platform] - Add connectors to import/export API #148703
Conversation
WafaaNasr
added
WIP
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
…import-export-connectors-with-rules
…github.com/WafaaNasr/kibana into 118774-import-export-connectors-with-rules
|
@elasticmachine merge upstream |
|
merge conflict between base and head |
| @@ -34,6 +34,8 @@ import { importRulesRoute } from './route'; | |||
|
|
|||
| jest.mock('../../../../../machine_learning/authz'); | |||
|
|
|||
| // TODO add tests for connectors | |||
There was a problem hiding this comment.
Are you planning to add them for this PR, or a follow up? 👍 if you'd like to follow-up with an additional test-coverage PR -- would be nice to add a few more FTR tests covering connectors as well.
There was a problem hiding this comment.
I did already in this file x-pack/test/detection_engine_api_integration/security_and_spaces/group10/import_rules.ts which I found exactly the same as this file x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/import_rules/route.test.ts and the interesting thing is this file is not referenced at all, that's why I didn't add tests there and I wanted to ask if we need this file actually?
There was a problem hiding this comment.
So this file contains the jest unit tests against the route, whereas .../detection_engine_api_integration/security_and_spaces/group10/import_rules.ts are the FTR (functional test runner) API integration tests that actually stand up a kibana/es instance to test the import e2e.
This file would be good for testing the basic route inputs and such (or any other conditional logic specific to the route itself), but the latter is best for testing the complete flow from request to response, so good to have both. For these unit tests, the only connector specific test you might want to add is around the new overwrite_action_connectors query param that was added to the importQuerySchema, but as you mention, this could be covered by the FTR tests as well.
x-pack/test/detection_engine_api_integration/security_and_spaces/group10/perform_bulk_action.ts
Show resolved
Hide resolved
...on/server/lib/detection_engine/rule_management/logic/import/action_connectors/utils/index.ts
Show resolved
Hide resolved
..._engine/rule_management/logic/import/action_connectors/import_rule_action_connectors.test.ts
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Checked out, tested locally, and did a high-level code review and LGTM! 👍 🚀 🙂
- I did add a few comments/questions for some future cleanup and additional tests, but no changes required in this PR.
- As a note, I did find two tangential issues ([Security Solution] Rule import error toast is too large to view title when many errors happen on import #149994, [Security Solution] Unable to view multiple errors toasts when rule import fails #149995) in testing, but they were pre-existing.
- Also, as mentioned in an above comment, rule import is currently broken (as of [Security Solution] Write and read Rule Execution Logs from rule instead of saved object #147035) since we're exporting additional fields that break validation on import, so I went ahead and patched that locally by returning
execution_summary: undefinedover ininternalRuleToAPIResponse()so I could perform full e2e testing. - I went ahead and added the
needs_docslabel as a reminder that we'll need to update our API docs with this change
Overall looks great @WafaaNasr -- thank you for all your efforts here and getting our users closer to a one-click backup/recover workflow! 🙌 🙂
Thank you so much @spong for your very thorough review!! really appreciated 🙏🏻😊 |
|
@ARWNightingale do you have any objections to changing the last part of this warning message from
This change would align the message with the one that displays when users perform a similar act on the Saved Objects page, which is importing a connector that needs configuration details re-applied or fixed. I think the consistent messaging can encourage the same behavior (i.e., go to the Connectors page to fix your connectors) and create a seamless experience for users whether they're receiving the warning from the Import rules modal or the Saved Objects page.
cc: @WafaaNasr |
1. Warning message
4. Error messages
@nastasha-solomon thanks for the comments, please find the updated state per each item :) |
|
@elasticmachine merge upstream |
@nastasha-solomon I confirmed with @ARWNightingale that we are going to implement the same UI as in the Saved Object page, I will add the |
|
@elasticmachine merge upstream |
💚 Build Succeeded
Metrics [docs]Module Count
Async chunks
History
To update your PR or re-run it, just comment with: cc @WafaaNasr |
| @@ -589,6 +633,18 @@ export default ({ getService }: FtrProviderContext): void => { | |||
| exceptions_errors: [], | |||
| exceptions_success: true, | |||
| exceptions_success_count: 0, | |||
| action_connectors_success: true, | |||
There was a problem hiding this comment.
Why do we have here action_connectors_success but also action_connectors_errors
There was a problem hiding this comment.
That's a good question, actually, this test is not needed as per this discussion initially I added the default values of the exported connectors, just to mimic the exported file if no actions' connectors were exported.
kibanamachine
added
v8.7.0
backport:skip
Summary
connectorsto the connectors page in the same tab, so that the user can fix imported connectors.Overwrite existing connectors with conflicting action "id"option to the Import ModalCases:
Screenshots
3.Connector Page
New text: @nastasha-solomon
1. Warning message
title => could be
1 connector importedorx connectors importedmessage =>
1 connector has sensitive information that requires updates. review in connectorsorx connectors have sensitive information that requires updates. review in connectors2. New
Overwritecheckbox3. Success Toast message
4. Error messages
a. Missing import action privileges
b. Missing connectors
