Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security Solution] data_source field diff algorithm test plan #189669

Merged
merged 7 commits into from
Aug 9, 2024
Merged

[Security Solution] data_source field diff algorithm test plan #189669

merged 7 commits into from
Aug 9, 2024

Conversation

dplumlee
Copy link
Contributor

Summary

Related ticket: #187659

Adds test plan for diff algorithm for arrays of scalar values implemented here: #188874

For maintainers

@dplumlee dplumlee added release_note:skip Skip the PR/issue when compiling release notes test-plan Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Detection Rule Management Security Detection Rule Management Team Feature:Prebuilt Detection Rules Security Solution Prebuilt Detection Rules area v8.16.0 labels Jul 31, 2024
@dplumlee dplumlee self-assigned this Jul 31, 2024
@dplumlee dplumlee requested a review from a team as a code owner July 31, 2024 18:37
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@elasticmachine
Copy link
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)

@dplumlee dplumlee mentioned this pull request Jul 31, 2024
Closed
8 tasks
@dplumlee dplumlee requested a review from jpdjere August 1, 2024 14:53
@dplumlee dplumlee mentioned this pull request Aug 1, 2024
Merged
3 tasks
@dplumlee dplumlee force-pushed the data-source-field-diff-test-plan branch from da35abf to 0c9ec16 Compare August 6, 2024 17:31
nikitaindik
nikitaindik reviewed Aug 6, 2024
View reviewed changes
Copy link
Contributor

@nikitaindik nikitaindik left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @dplumlee! I have taken a look and left a couple comments. Will take a more thorough look tomorrow.

...ution/docs/testing/test_plans/detection_response/prebuilt_rules/upgrade_review_algorithms.md Outdated Show resolved Hide resolved
...ution/docs/testing/test_plans/detection_response/prebuilt_rules/upgrade_review_algorithms.md Outdated Show resolved Hide resolved
...ution/docs/testing/test_plans/detection_response/prebuilt_rules/upgrade_review_algorithms.md
Examples:
| algorithm | base_version | current_version | target_version | merged_version |
| data_source | {type: "index_patterns", "index_patterns": ["one", "two", "three"]} | {type: "index_patterns", "index_patterns": ["two", "one", "four"]} | {type: "index_patterns", "index_patterns": ["one", "two", "five"]} | {type: "index_patterns", "index_patterns": ["one", "two", "four", "five"]} |
| data_source | {type: "data_view", "data_view_id": "A"} | {type: "index_patterns", "index_patterns": ["one", "one", "two", "three"]} | {type: "index_patterns", "index_patterns": ["one", "two", "five"]} | {type: "index_patterns", "index_patterns": ["one", "two", "three", "five"]} |
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this extra "one" in current_version intentional?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, it's similar to the scalar array diff algorithm where we test deduplication, etc., in the arrays. The tests aren't as exhaustive for this algorithm since we're reusing a lot of logic for array comparison and merging but it's still a good idea to test a little bit of it

nikitaindik
nikitaindik reviewed Aug 7, 2024
View reviewed changes
Copy link
Contributor

@nikitaindik nikitaindik left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Finished my review. Added a couple more comments. Please take a look when you can.

...ution/docs/testing/test_plans/detection_response/prebuilt_rules/upgrade_review_algorithms.md Outdated Show resolved Hide resolved
...ution/docs/testing/test_plans/detection_response/prebuilt_rules/upgrade_review_algorithms.md Show resolved Hide resolved
nikitaindik
nikitaindik approved these changes Aug 9, 2024
View reviewed changes
Copy link
Contributor

@nikitaindik nikitaindik left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for addressing feedback @dplumlee! LGTM now.

@jpdjere
Copy link
Contributor

jpdjere commented Aug 9, 2024
edited
Loading

@dplumlee

⚠️ Before merging, can you take a look at the 2 comments I left: one about a small typo -AC -> -AB, the other one about the -AB scenario returning a SOLVABLE conflict instead of NON_SOLVABLE.

After that, all good from my side 👍 ✅

@dplumlee dplumlee enabled auto-merge (squash) August 9, 2024 16:45
@dplumlee dplumlee merged commit defcc43 into elastic:main Aug 9, 2024
7 checks passed
@kibanamachine kibanamachine added the backport:skip This commit does not require backporting label Aug 9, 2024
@dplumlee dplumlee deleted the data-source-field-diff-test-plan branch August 9, 2024 17:09
dplumlee added a commit that referenced this pull request Aug 9, 2024
@dplumlee
[Security Solution] Integration tests for data_source field diff al…
b1a2922 
…gorithm (#189744)

## Summary

Completes #187659


Switches `data_source` fields to use the implemented diff algorithm
assigned to them in #188874


Adds integration tests in accordance to
#189669 for the `upgrade/_review`
API endpoint for the `data_source` field diff algorithm.

### Checklist

Delete any items that are not applicable to this PR.

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed


### For maintainers

- [ ] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nikitaindik nikitaindik nikitaindik approved these changes

@jpdjere jpdjere jpdjere approved these changes

Assignees

@dplumlee dplumlee

Labels
backport:skip This commit does not require backporting Feature:Prebuilt Detection Rules Security Solution Prebuilt Detection Rules area release_note:skip Skip the PR/issue when compiling release notes Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. test-plan v8.16.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@dplumlee @elasticmachine @jpdjere @nikitaindik @kibanamachine