[Actions] Introduce the isSystemAction property to actions
#160753
Conversation
cnasikas
added
Feature:Actions
Team:ResponseOps
cnasikas
changed the title
isSystemAction to actions
|
Pinging @elastic/response-ops (Team:ResponseOps) |
cnasikas
added
release_note:skip
cnasikas
changed the title
isSystemAction to actionsisSystemAction property to actions
cnasikas
force-pushed
the
system_actions_registration
branch
from
45e2605
to
b070bd9
Compare
|
@elasticmachine merge upstream |
…ana into system_actions_registration
botelastic
bot
added
the
Team:Uptime - DEPRECATED
|
Pinging @elastic/uptime (Team:uptime) |
| @@ -61,6 +61,7 @@ export const fetchConnectors = async (): Promise<ActionConnector[]> => { | |||
| is_preconfigured: isPreconfigured, | |||
| is_deprecated: isDeprecated, | |||
| is_missing_secrets: isMissingSecrets, | |||
| is_system_action: isSystemAction, | |||
There was a problem hiding this comment.
is it possible to move this util to actions plugin? or reuse?
There was a problem hiding this comment.
I think it is better if the action plugin exposes a function that does the API call and the transformation as we do in cases. I think the recommendation is to not call the APIs of other plugins directly but use a thin client. This way the team can do changes in the API without affecting other teams. This will also be helpful when versioning our endpoints. @pmuellr Is there any issue for that?
There was a problem hiding this comment.
I'm not aware of explicit issues covering this - sounds like a nice addition to the client-side actions plugin. If I understand correctly. Open an issue?
There was a problem hiding this comment.
Ok, I will open an issue. @shahzad31 What do you think of this approach (addressing it on another PR)?
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]Public APIs missing comments
Async chunks
Public APIs missing exports
Page load bundle
Unknown metric groupsAPI count
ESLint disabled line counts
Total ESLint disabled count
History
To update your PR or re-run it, just comment with: cc @cnasikas |
|
Hey @cnasikas, could you please provide links to product tickets or any other context for what this change is related to and what does |
Hey @banderror! Sorry my mistake, I should have put them in the description. This is one of many PRs to support System (Response) actions in the actions' framework like OsQuery, Isolating a host, etc. Here is the issue #160367. At the bottom, you can find all related tickets. |
|
|
||
| export type SystemAction = Omit<ActionConnectorProps<never, never>, 'config' | 'secrets'> & { | ||
| isSystemAction: true; | ||
| isPreconfigured: false; |
There was a problem hiding this comment.
If you imagine we end up changing isPreconfigured to isInMemory or similiar, we'd end up probably wanting isPreconfigured to be true, whenever isSystemAction is true. That way, we won't have to change any of our current isPreconfigured checks, that are typically to check if it's persisted as an SO or not.
There was a problem hiding this comment.
I don't know how this will play out in the UI yet. I suspect that we would like to have the separation. I will keep your suggestion in mind when the time comes. In the backend, we should have the separation as we treat the preconfigured and the system actions a bit differently.
There was a problem hiding this comment.
Detection Rule Management changes LGTM 👍
Thanks for providing the context info, I read the #160367 ticket and have a few questions.
-
Do you or @patrykkopycinski already have a plan for migrating Response Actions from Security Solution to the Framework? Or is this on any team's roadmap? I saw [Research] Supporting response actions with alerting and connectors #155644 but it doesn't have any version labels etc.
-
Is there any clarity around exporting/importing system actions? In Security Solution, we have our own Detection API endpoints for exporting and importing rules. With rules, we also export and import connectors, if any of the rules have actions related to them. Do you have any recommendations for how should we handle system actions in these endpoints? I'd assume we should skip exporting them and ignore them or return an error on import.
Here's a function that is called when the detection rule export endpoint gets the connectors to be exported:
| @@ -81,6 +81,7 @@ export interface ActionResult<Config extends ActionTypeConfig = ActionTypeConfig | |||
| config?: Config; | |||
| isPreconfigured: boolean; | |||
| isDeprecated: boolean; | |||
| isSystemAction: boolean; | |||
There was a problem hiding this comment.
It would be great to start documenting at least public interfaces that are exported from the Framework -- for us on the solution side it's often hard to navigate the Framework's code, but we need to do it from time to time.
Here we could add a JSDoc comment with a description of the field and a link to #160367.
There was a problem hiding this comment.
Good point! I will do it in the following PRs as I will probably introduce more types.
|
Thank you @banderror! We target 8.10 for the system actions. The migration should be handled by the Security solution team. @patrykkopycinski and the team are aware of our work. We are working with @kobelb to find a seamless backward compatibility migration path. We will let you know about it soon. Regarding, import/export we will not support it for system actions as they should always be available in every deployment (they are created on Kibana startup on the fly). I was not aware of this functionality in Security Solution. I will address it myself in the following PRs when I do the same for the import/export from the stack management. Thanks for letting me know! |
Summary
This PR introduces the
isSystemAction: booleanto theActionResulttype. It also, adds the same to theActionTypetype. I added validation to verify that system actions cannot be registered at the moment. More PRs are going to follow to incrementally build the feature.Related: #160367
Checklist
Delete any items that are not applicable to this PR.
For maintainers