[Cases] Validate attributes before create SOs #158590
Conversation
cnasikas
added
release_note:skip
|
Pinging @elastic/response-ops (Team:ResponseOps) |
|
Pinging @elastic/response-ops-cases (Feature:Cases) |
|
@elasticmachine merge upstream |
|
|
||
| export const CommentUserActionRt = rt.strict({ | ||
| type: rt.literal(ActionTypes.comment), | ||
| payload: CommentUserActionPayloadRt, | ||
| }); | ||
|
|
||
| export const CommentUserActionWithoutIdsRt = rt.strict({ |
There was a problem hiding this comment.
I needed this type so I can validate the attributes passed to the so client when you creating a user action. The attributes do not contain any ids as they are in the references array.
cnasikas
force-pushed
the
decode_cases_services_requests
branch
from
5bf2fde
to
784dc56
Compare
| @@ -242,24 +241,6 @@ export const basicParams = { | |||
| ...entity, | |||
| }; | |||
|
|
|||
| export const mappings: ConnectorMappings = [ | |||
|
buildkite test this |
| @@ -167,9 +167,11 @@ export class AttachmentService { | |||
| try { | |||
| this.context.log.debug(`Attempting to POST a new comment`); | |||
|
|
|||
| const decodedAttributes = decodeOrThrow(AttachmentTransformedAttributesRt)(attributes); | |||
There was a problem hiding this comment.
What do you think about using CommentAttributesRt etc for the io-ts schema instead? When I read this, my first thought is why are we checking that the attributes match the "transformed" schema. I could see that being confusing if you didn't know they were the same.
| @@ -583,7 +585,13 @@ export class CasesService { | |||
| }: PatchCaseArgs): Promise<SavedObjectsUpdateResponse<CaseTransformedAttributes>> { | |||
| try { | |||
| this.log.debug(`Attempting to UPDATE case ${caseId}`); | |||
| const transformedAttributes = transformAttributesToESModel(updatedAttributes); | |||
|
|
|||
| const PartialCaseTransformedAttributesRt = getPartialCaseTransformedAttributesRt(); | |||
There was a problem hiding this comment.
Forgot to mention when we created getPartialCaseTransformedAttributesRt() but we could probably move it to a global within this file or static variable within the class since it won't change. That way we don't have to create it every time.
| await expect(persister.createUserAction(getRequest())).resolves.not.toThrow(); | ||
| }); | ||
|
|
||
| it('throws if closure_type is omitted', async () => { |
There was a problem hiding this comment.
nit: throws if fields is omitted
| ).resolves.not.toThrow(); | ||
| }); | ||
|
|
||
| it('throws if closure_type is omitted', async () => { |
There was a problem hiding this comment.
nit: throws if owner is omitted
| PersistableStateAttachmentRt, | ||
| ]); | ||
|
|
||
| export const CommentRequestRt = rt.union([...BasicCommentRequestRt.types, ExternalReferenceSORt]); |
There was a problem hiding this comment.
Does it work to do:
export const CommentRequestRt = rt.union([BasicCommentRequestRt, ExternalReferenceSORt]);
|
buildkite test this |
|
@elasticmachine merge upstream |
💚 Build Succeeded
Metrics [docs]Page load bundle
Unknown metric groupsESLint disabled line counts
Total ESLint disabled count
History
To update your PR or re-run it, just comment with: cc @cnasikas |
There was a problem hiding this comment.
LGTM so far, I just want to take another look at the tests.
As discussed offline, I checked also other services in x-pack/plugins/cases/server/services/. The alerts service, in particular, felt like it could need a decode before calls to the SOClient. I took a look and it seemed fine because none of the methods there are exposed to the outside anyway, and none uses anything other than case or alert ids but perhaps you could double-check?
| }) | ||
| ).resolves.not.toThrow(); | ||
| }); | ||
|
|
There was a problem hiding this comment.
What happens if no attribute is passed?
Summary
This PR uses
io-ts'sdecodeutitlity function to validate the attributes before creating cases saved objects.Checklist
Delete any items that are not applicable to this PR.
For maintainers