[Security Solution] Fix DataSource payload creation during rule upgrade with MERGED pick_version
#197262
+59
−0
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jpdjere
added
Team:Detections and Resp
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
|
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management) |
jpdjere
changed the title
DataSource payload creation during upgrade with MERGED pick_versionDataSource payload creation during rule upgrade with MERGED pick_version
jpdjere
added
the
release_note:skip
dplumlee
approved these changes
Oct 22, 2024
Comment on lines
+200
to
+203
| } else if (fieldName === 'data_view_id' && isDataSourceIndexPatterns(diffableFieldValue)) { | ||
| return { type: 'TRANSFORMED_FIELD', value: undefined }; | ||
| } else if (fieldName === 'index' && isDataSourceDataView(diffableFieldValue)) { | ||
| return { type: 'TRANSFORMED_FIELD', value: undefined }; |
There was a problem hiding this comment.
nit: could use a short comment as to why we do this similar to the one on line 198
💚 Build Succeeded
Metrics [docs]
History
cc @jpdjere |
banderror
added
backport:version
xcrzx
reviewed
Oct 23, 2024
Comment on lines
+259
to
+260
| targetObject['security-rule'].name = TARGET_NAME; | ||
| targetObject['security-rule'].tags = TARGET_TAGS; |
There was a problem hiding this comment.
Are these fields relevant for the test?
Comment on lines
+280
to
+281
| // Check that the updated rules has an `index` field which equals the output of the diff algorithm | ||
| // for the DataSource diffable field, and that the data_view_id is correspondingly set to undefined. |
There was a problem hiding this comment.
Can you expand on in which cases the data_view_id field can be set together with index? I'm not entirely sure I fully understand the nature of the bug.
|
Starting backport for target branches: 8.16, 8.x https://github.com/elastic/kibana/actions/runs/11482365186 |
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Oct 23, 2024
…rade with `MERGED` pick_version (elastic#197262) ## Summary The PR elastic#191439 enhanced the `/upgrade/_perform` API contract and functionality to allow the users of the endpoint to upgrade rules to their `MERGED` version. However, a bug slipped in, where the two different types of `DataSource` (`type: index_patterns` or `type: data_view_id`) weren't properly handled and would cause, in some cases, a rule payload to be created having both an `index` and `data_view` field, causing upgrade to fail. This PR fixes the issue by handling these two field in a specific way, checking what the `DataSource` diffable field's type is, and setting the other field to `undefined`. ### Checklist Delete any items that are not applicable to this PR. - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels) - [ ] This will appear in the **Release Notes** and follow the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) (cherry picked from commit 9656621)
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Oct 23, 2024
…rade with `MERGED` pick_version (elastic#197262) ## Summary The PR elastic#191439 enhanced the `/upgrade/_perform` API contract and functionality to allow the users of the endpoint to upgrade rules to their `MERGED` version. However, a bug slipped in, where the two different types of `DataSource` (`type: index_patterns` or `type: data_view_id`) weren't properly handled and would cause, in some cases, a rule payload to be created having both an `index` and `data_view` field, causing upgrade to fail. This PR fixes the issue by handling these two field in a specific way, checking what the `DataSource` diffable field's type is, and setting the other field to `undefined`. ### Checklist Delete any items that are not applicable to this PR. - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels) - [ ] This will appear in the **Release Notes** and follow the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) (cherry picked from commit 9656621)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
kibanamachine
added a commit
that referenced
this pull request
Oct 23, 2024
… during rule upgrade with `MERGED` pick_version (#197262) (#197467) # Backport This will backport the following commits from `main` to `8.x`: - [[Security Solution] Fix `DataSource` payload creation during rule upgrade with `MERGED` pick_version (#197262)](#197262) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Juan Pablo Djeredjian","email":"jpdjeredjian@gmail.com"},"sourceCommit":{"committedDate":"2024-10-23T14:44:13Z","message":"[Security Solution] Fix `DataSource` payload creation during rule upgrade with `MERGED` pick_version (#197262)\n\n## Summary\r\n\r\nThe PR #191439 enhanced the\r\n`/upgrade/_perform` API contract and functionality to allow the users of\r\nthe endpoint to upgrade rules to their `MERGED` version.\r\n\r\nHowever, a bug slipped in, where the two different types of `DataSource`\r\n(`type: index_patterns` or `type: data_view_id`) weren't properly\r\nhandled and would cause, in some cases, a rule payload to be created\r\nhaving both an `index` and `data_view` field, causing upgrade to fail.\r\n\r\nThis PR fixes the issue by handling these two field in a specific way,\r\nchecking what the `DataSource` diffable field's type is, and setting the\r\nother field to `undefined`.\r\n\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [ ] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [ ] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed\r\n\r\n\r\n\r\n### For maintainers\r\n\r\n- [ ] This was checked for breaking API changes and was [labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels)\r\n- [ ] This will appear in the **Release Notes** and follow the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"9656621fcc8f6f9a615b0a27d45db9722e047a10","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","v8.16.0","backport:version","v8.17.0"],"title":"[Security Solution] Fix `DataSource` payload creation during rule upgrade with `MERGED` pick_version","number":197262,"url":"https://github.com/elastic/kibana/pull/197262","mergeCommit":{"message":"[Security Solution] Fix `DataSource` payload creation during rule upgrade with `MERGED` pick_version (#197262)\n\n## Summary\r\n\r\nThe PR #191439 enhanced the\r\n`/upgrade/_perform` API contract and functionality to allow the users of\r\nthe endpoint to upgrade rules to their `MERGED` version.\r\n\r\nHowever, a bug slipped in, where the two different types of `DataSource`\r\n(`type: index_patterns` or `type: data_view_id`) weren't properly\r\nhandled and would cause, in some cases, a rule payload to be created\r\nhaving both an `index` and `data_view` field, causing upgrade to fail.\r\n\r\nThis PR fixes the issue by handling these two field in a specific way,\r\nchecking what the `DataSource` diffable field's type is, and setting the\r\nother field to `undefined`.\r\n\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [ ] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [ ] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed\r\n\r\n\r\n\r\n### For maintainers\r\n\r\n- [ ] This was checked for breaking API changes and was [labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels)\r\n- [ ] This will appear in the **Release Notes** and follow the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"9656621fcc8f6f9a615b0a27d45db9722e047a10"}},"sourceBranch":"main","suggestedTargetBranches":["8.16","8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/197262","number":197262,"mergeCommit":{"message":"[Security Solution] Fix `DataSource` payload creation during rule upgrade with `MERGED` pick_version (#197262)\n\n## Summary\r\n\r\nThe PR #191439 enhanced the\r\n`/upgrade/_perform` API contract and functionality to allow the users of\r\nthe endpoint to upgrade rules to their `MERGED` version.\r\n\r\nHowever, a bug slipped in, where the two different types of `DataSource`\r\n(`type: index_patterns` or `type: data_view_id`) weren't properly\r\nhandled and would cause, in some cases, a rule payload to be created\r\nhaving both an `index` and `data_view` field, causing upgrade to fail.\r\n\r\nThis PR fixes the issue by handling these two field in a specific way,\r\nchecking what the `DataSource` diffable field's type is, and setting the\r\nother field to `undefined`.\r\n\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [ ] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [ ] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed\r\n\r\n\r\n\r\n### For maintainers\r\n\r\n- [ ] This was checked for breaking API changes and was [labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels)\r\n- [ ] This will appear in the **Release Notes** and follow the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"9656621fcc8f6f9a615b0a27d45db9722e047a10"}},{"branch":"8.16","label":"v8.16.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.x","label":"v8.17.0","branchLabelMappingKey":"^v8.17.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Juan Pablo Djeredjian <jpdjeredjian@gmail.com>
kibanamachine
added a commit
that referenced
this pull request
Oct 23, 2024
…n during rule upgrade with `MERGED` pick_version (#197262) (#197466) # Backport This will backport the following commits from `main` to `8.16`: - [[Security Solution] Fix `DataSource` payload creation during rule upgrade with `MERGED` pick_version (#197262)](#197262) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Juan Pablo Djeredjian","email":"jpdjeredjian@gmail.com"},"sourceCommit":{"committedDate":"2024-10-23T14:44:13Z","message":"[Security Solution] Fix `DataSource` payload creation during rule upgrade with `MERGED` pick_version (#197262)\n\n## Summary\r\n\r\nThe PR #191439 enhanced the\r\n`/upgrade/_perform` API contract and functionality to allow the users of\r\nthe endpoint to upgrade rules to their `MERGED` version.\r\n\r\nHowever, a bug slipped in, where the two different types of `DataSource`\r\n(`type: index_patterns` or `type: data_view_id`) weren't properly\r\nhandled and would cause, in some cases, a rule payload to be created\r\nhaving both an `index` and `data_view` field, causing upgrade to fail.\r\n\r\nThis PR fixes the issue by handling these two field in a specific way,\r\nchecking what the `DataSource` diffable field's type is, and setting the\r\nother field to `undefined`.\r\n\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [ ] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [ ] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed\r\n\r\n\r\n\r\n### For maintainers\r\n\r\n- [ ] This was checked for breaking API changes and was [labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels)\r\n- [ ] This will appear in the **Release Notes** and follow the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"9656621fcc8f6f9a615b0a27d45db9722e047a10","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","v8.16.0","backport:version","v8.17.0"],"title":"[Security Solution] Fix `DataSource` payload creation during rule upgrade with `MERGED` pick_version","number":197262,"url":"https://github.com/elastic/kibana/pull/197262","mergeCommit":{"message":"[Security Solution] Fix `DataSource` payload creation during rule upgrade with `MERGED` pick_version (#197262)\n\n## Summary\r\n\r\nThe PR #191439 enhanced the\r\n`/upgrade/_perform` API contract and functionality to allow the users of\r\nthe endpoint to upgrade rules to their `MERGED` version.\r\n\r\nHowever, a bug slipped in, where the two different types of `DataSource`\r\n(`type: index_patterns` or `type: data_view_id`) weren't properly\r\nhandled and would cause, in some cases, a rule payload to be created\r\nhaving both an `index` and `data_view` field, causing upgrade to fail.\r\n\r\nThis PR fixes the issue by handling these two field in a specific way,\r\nchecking what the `DataSource` diffable field's type is, and setting the\r\nother field to `undefined`.\r\n\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [ ] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [ ] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed\r\n\r\n\r\n\r\n### For maintainers\r\n\r\n- [ ] This was checked for breaking API changes and was [labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels)\r\n- [ ] This will appear in the **Release Notes** and follow the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"9656621fcc8f6f9a615b0a27d45db9722e047a10"}},"sourceBranch":"main","suggestedTargetBranches":["8.16","8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/197262","number":197262,"mergeCommit":{"message":"[Security Solution] Fix `DataSource` payload creation during rule upgrade with `MERGED` pick_version (#197262)\n\n## Summary\r\n\r\nThe PR #191439 enhanced the\r\n`/upgrade/_perform` API contract and functionality to allow the users of\r\nthe endpoint to upgrade rules to their `MERGED` version.\r\n\r\nHowever, a bug slipped in, where the two different types of `DataSource`\r\n(`type: index_patterns` or `type: data_view_id`) weren't properly\r\nhandled and would cause, in some cases, a rule payload to be created\r\nhaving both an `index` and `data_view` field, causing upgrade to fail.\r\n\r\nThis PR fixes the issue by handling these two field in a specific way,\r\nchecking what the `DataSource` diffable field's type is, and setting the\r\nother field to `undefined`.\r\n\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [ ] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [ ] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed\r\n\r\n\r\n\r\n### For maintainers\r\n\r\n- [ ] This was checked for breaking API changes and was [labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels)\r\n- [ ] This will appear in the **Release Notes** and follow the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"9656621fcc8f6f9a615b0a27d45db9722e047a10"}},{"branch":"8.16","label":"v8.16.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.x","label":"v8.17.0","branchLabelMappingKey":"^v8.17.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Juan Pablo Djeredjian <jpdjeredjian@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
The PR #191439 enhanced the
/upgrade/_performAPI contract and functionality to allow the users of the endpoint to upgrade rules to theirMERGEDversion.However, a bug slipped in, where the two different types of
DataSource(type: index_patternsortype: data_view_id) weren't properly handled and would cause, in some cases, a rule payload to be created having both anindexanddata_viewfield, causing upgrade to fail.This PR fixes the issue by handling these two field in a specific way, checking what the
DataSourcediffable field's type is, and setting the other field toundefined.Checklist
Delete any items that are not applicable to this PR.
For maintainers