[Security Solution][Endpoint][Admin] Malware user notification checkbox #78084
Conversation
parkiino
added
Feature:Endpoint
|
Pinging @elastic/endpoint-app-team (Feature:Endpoint) |
|
Pinging @elastic/endpoint-management (Team:Endpoint Management) |
botelastic
bot
added
the
Team:Fleet
|
Pinging @elastic/ingest-management (Team:Ingest Management) |
| @@ -26,6 +26,7 @@ import { | |||
| migrateSettingsToV7100, | |||
| migrateAgentActionToV7100, | |||
| } from './migrations/to_v7_10_0'; | |||
| import { migratePackagePolicyToV7110 } from './migrations/to_v7_11_0'; | |||
There was a problem hiding this comment.
Can this reside and be run outside Fleet? e.g. inside security?
It seems limited to Endpoint and I'd like to limit how much Fleet "knows" about the specifics of a package
There was a problem hiding this comment.
we could store store this file outside of Fleet, but doesn't the SO migration have to run as a part of the SO mapping definition? Or could we import a mapping in security and then add an additional migration?
EDIT:
agreed on the Endpoint-only nature, happy to look at other alternatives
| import { PACKAGE_POLICY_SAVED_OBJECT_TYPE } from '../../../../../ingest_manager/common'; | ||
| import { migratePackagePolicyToV7110 } from './to_v7_11.0'; | ||
|
|
||
| export const packagePolicyType: SavedObjectsType = { |
There was a problem hiding this comment.
is it a problem that we define this here as well as in Ingest? If it is OK, should we import the mapping, clone it, and add our own migration? What happens if there are 2 migrations for 7.11? One in Ingest and one in Security?
There was a problem hiding this comment.
judging from the test failures, it certainly looks like this is an issue
https://kibana-ci.elastic.co/job/elastic+kibana+pipeline-pull-request/82038/execution/node/636/log/
There was a problem hiding this comment.
hmmm so then should i just have the code for the migration in endpoint, but then add our migration line to the one in ingest for package policy saved objects then?
There was a problem hiding this comment.
hmmm so then should i just have the code for the migration in endpoint, but then add our migration line to the one in ingest for package policy saved objects then?
This seems like what needs to happen. We can't define a duplicate mapping for an existing SO. Unless there's a way that we import the SO mapping from ingest in our app and simply add another migration to it.
| import { PackagePolicy } from '../../../../../ingest_manager/common'; | ||
| import { migratePackagePolicyToV7110 } from './to_v7_11.0'; | ||
|
|
||
| describe('7.11.0 Endpoint Package Policy migration', () => { |
There was a problem hiding this comment.
could you add another test case that ensures package policies are not modified for non-endpoint package policies?
| describe('7.11.0 Endpoint Package Policy migration', () => { | ||
| const migration = migratePackagePolicyToV7110; | ||
| it('adds malware notification checkbox and optional message', () => { | ||
| const doc = { |
There was a problem hiding this comment.
maybe add a Type to doc? so that in the future the structure changes, we're reminded (error) to come revisit this.
| import { cloneDeep } from 'lodash'; | ||
| import { PackagePolicy } from '../../../../../ingest_manager/common'; | ||
|
|
||
| export const migratePackagePolicyToV7110: SavedObjectMigrationFn<PackagePolicy, PackagePolicy> = ( |
There was a problem hiding this comment.
This is only used by server code correct?
perhaps it would be more appropriate to store it under ./server directory and have it exposed via ./server/index?
@nnamdifrankie what do you think? ⬆️
| }, | ||
| ], | ||
| }, | ||
| type: ' nested', |
There was a problem hiding this comment.
small spacing typo here and on the rest of the type: lines in this file
💚 Build SucceededMetrics [docs]@kbn/optimizer bundle module count
async chunks size
distributable file count
page load bundle size
History
To update your PR or re-run it, just comment with: |
…arm-phase-to-formlib * 'master' of github.com:elastic/kibana: (55 commits) [UX] Fix map color variance and apply proper filter for extended stats (elastic#81106) [User Experience] Use EuiSelect for percentiles instead of SuperSelect (elastic#81082) [DOCS] Add link for monitoring ssl settings (elastic#81057) [test] Await loading indicator in monitoring test (elastic#81279) [ILM] Minor copy and link additions to cloud CTA for cold phase (elastic#80512) [Mappings editor] Add scaled_float and date_range comp integration tests (elastic#81287) [Discover] Deangularize context.app (elastic#80851) [O11y Overview] Add code to display/hide UX section when appropriate (elastic#80873) [Discover] Extend DiscoverNoResults component to show different message on error (elastic#79671) Fix tagcloud word overlapping (elastic#81161) [Security Solution] Fixes flaky test rules (elastic#81040) Changed the code to avoid tech debt with hacky solutions after receiving comments on EUI issue reported about this problem. (elastic#81183) [Security Solution][All] Replace old markdown renderer with the new one (elastic#80301) Add namespaced version of the API call (elastic#81278) [ML] Data Frame Analytics: Fix race condition and support for feature influence legacy format. (elastic#81123) [Fleet] Fix POLICY_CHANGE action creation for new policy (elastic#81236) [Security Solution][Endpoint][Admin] Malware user notification checkbox (elastic#78084) [SecuritySolution][Unit Tests] - fix flakey unit test (elastic#81239) skip flaky suite (elastic#81264) [Maps] fix top-level Map page is called 'Kibana' (elastic#81238) ... # Conflicts: # x-pack/plugins/index_lifecycle_management/public/application/sections/edit_policy/components/phases/hot_phase/hot_phase.tsx # x-pack/plugins/index_lifecycle_management/public/application/sections/edit_policy/components/phases/shared/forcemerge_field.tsx # x-pack/plugins/index_lifecycle_management/public/application/sections/edit_policy/components/phases/warm_phase.tsx
Summary
Issue: https://github.com/elastic/security-team/issues/220
Checklist
Delete any items that are not applicable to this PR.
For maintainers