[SIEM][Exceptions] - Exception builder component #67013
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This also adds a generic hook, useAsyncTask, that wraps an async function to provide basic utilities: * loading state * error state * abort/cancel function
These were not caught locally as I was accidentally running typescript without the full project.
… tuple This allows callers to further leverage fp-ts functions as needed.
* leverages new validateEither fn which returns an Either * constructs a pipeline that: * validates the payload * performs the API call * validates the response and short-circuits if any of those produce a Left value. It then converts the Either into a promise that either rejects with the Left or resolves with the Right.
This cleans up our validation pipeline considerably.
* refactors private API functions to accept the encoded request schema (i.e. snake cased) * refactors validateEither to use `schema.validate` instead of `schema.decode` since we don't actually want the decoded value, we just want to verify that it'll be able to be decoded on the backend.
* Continue to export decoded types without a qualifier * pull types used by hooks from their new location * Fix errors with usage of act()
By pulling from the module directly instead of an index, we can hopefully narrow down our dependencies until tree-shaking does this for us.
yctercero
changed the title
|
Pinging @elastic/siem (Team:SIEM) |
yctercero
commented
Jul 1, 2020
| /> | ||
| ); | ||
| if (index === 0 && exceptionItemIndex === 0) { | ||
| return <MyFirstRowContainer grow={false}>{button}</MyFirstRowContainer>; |
There was a problem hiding this comment.
Similar to the above comment - the first row includes the field labels, so the delete icon was centering based on that extra space. Added padding fixes that.
yctercero
commented
Jul 1, 2020
| }; | ||
| }; | ||
|
|
||
| export const filterExceptionItems = ( |
There was a problem hiding this comment.
This is to ensure that we only bubble up valid exception item and entries. A user could add 10 blank rows or entries, this strips those out.
yctercero
commented
Jul 1, 2020
| @@ -49,3 +50,46 @@ export interface ExceptionsPagination { | |||
| totalItemCount: number; | |||
| pageSizeOptions: number[]; | |||
| } | |||
|
|
|||
| export interface FormattedBuilderEntryBase { | |||
There was a problem hiding this comment.
These new types are to deal with the empty states of the entries in the builder, since the exception item entries can be in what the ExceptionListItemSchema would pick up as invalid. But when bubbling up the exceptions to the parent, we do check to strip out any empties.
peluja1012
reviewed
Jul 1, 2020
| @@ -0,0 +1,122 @@ | |||
| # Autocomplete Fields | |||
peluja1012
approved these changes
Jul 1, 2020
yctercero
added a commit
to yctercero/kibana
that referenced
this pull request
Jul 2, 2020
### Summary
This PR creates the bulk functionality of the exception builder. The exception builder is the component that will be used to create exception list items. It does not deal with the actual API creation/deletion/update of exceptions, it does contain an `onChange` handler that can be used to access the exceptions. The builder is able to:
- accept `ExceptionListItem` and render them correctly
- allow user to add exception list item and exception list item entries
- accept an `indexPattern` and use it to fetch relevant field and autocomplete field values
- disable `Or` button if user is only allowed to edit/add to exception list item (not add additional exception list items)
- displays `Add new exception` button if no exception items exist
- An exception item can be created without entries, the `add new exception` button will show in the case that an exception list contains exception list item(s) with an empty `entries` array (as long as there is one exception list item with an item in `entries`, button does not show)
- debounces field value autocomplete searches
- bubble up exceptions to parent component, stripping out any empty entries
💚 Build SucceededBuild metrics
History
To update your PR or re-run it, just comment with: |
yctercero
added a commit
that referenced
this pull request
Jul 2, 2020
### Summary
This PR creates the bulk functionality of the exception builder. The exception builder is the component that will be used to create exception list items. It does not deal with the actual API creation/deletion/update of exceptions, it does contain an `onChange` handler that can be used to access the exceptions. The builder is able to:
- accept `ExceptionListItem` and render them correctly
- allow user to add exception list item and exception list item entries
- accept an `indexPattern` and use it to fetch relevant field and autocomplete field values
- disable `Or` button if user is only allowed to edit/add to exception list item (not add additional exception list items)
- displays `Add new exception` button if no exception items exist
- An exception item can be created without entries, the `add new exception` button will show in the case that an exception list contains exception list item(s) with an empty `entries` array (as long as there is one exception list item with an item in `entries`, button does not show)
- debounces field value autocomplete searches
- bubble up exceptions to parent component, stripping out any empty entries
gmmorris
added a commit
to gmmorris/kibana
that referenced
this pull request
Jul 2, 2020
* master: (46 commits) [Visualize] Add missing advanced settings and custom label for pipeline aggs (elastic#69688) Use dynamic: false for config saved object mappings (elastic#70436) [Ingest Pipelines] Error messages (elastic#70167) [APM] Show transaction rate per minute on Observability Overview page (elastic#70336) Filter out error when calculating a label (elastic#69934) [Visualizations] Each visType returns its supported triggers (elastic#70177) [Telemetry] Report data shippers (elastic#64935) Reduce SavedObjects mappings for Application Usage (elastic#70475) [Lens] fix dimension label performance issues (elastic#69978) Skip failing endgame tests (elastic#70548) [SIEM] Reenabling Cypress tests (elastic#70397) [SIEM][Security Solution][Endpoint] Endpoint Artifact Manifest Management + Artifact Download and Distribution (elastic#67707) [Security] Adds field mapping support to rule creation (elastic#70288) SECURITY-ENDPOINT: add fields for events to metadata document (elastic#70491) Fixed assertion in hybrid index pattern test to iterate through indices (elastic#70130) [SIEM][Exceptions] - Exception builder component (elastic#67013) [Ingest Manager] Rename data sources to package configs (elastic#70259) skip suites blocking es snapshot promomotion (elastic#70532) [Metrics UI] Fix asynchronicity and error handling in Snapshot API (elastic#70503) fix export response (elastic#70473) ...
MindyRS
added
the
Team: SecuritySolution
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This PR creates the bulk functionality of the exception builder. The exception builder is the component that will be used to create exception list items. It does not deal with the actual API creation/deletion/update of exceptions, it does contain an
onChangehandler that can be used to access the exceptions. The builder is able to:ExceptionListItemand render them correctlyindexPatternand use it to fetch relevant field and autocomplete field valuesOrbutton if user is only allowed to edit/add to exception list item (not add additional exception list items)Add new exceptionbutton if no exception items existadd new exceptionbutton will show in the case that an exception list contains exception list item(s) with an emptyentriesarray (as long as there is one exception list item with an item inentries, button does not show)Logic checks:
boolean, operators are limited tois,is not,exists,does not existand available values aretrue,falsedate,number, orip, values combo box shows error state if values do not match field typeis in listoris not in list, only lists that match the selected field type will be displayed in the autocompleteAside
Created reusable components for field, operator and field value inputs as it's already needed for other functionality. I added a
README.md(x-pack/plugins/security_solution/public/common/components/autocomplete/readme.md) to try to make use of the components a bit easier.To Do
React warning on initial first field selection (wip)Match any was acting funny(was passing selected field as query to autocomplete, causing funkiness, fixed!)Examples
Builder
List operator
Match operator
Match any operator
Boolean field type
Exists operator
Sample validation (field of type
ip)Checklist