Skip to content

Commit 5da1389

Browse files
dplumleedplumlee
committed
fixes patch logic
1 parent 51ac51f commit 5da1389

2 files changed

Lines changed: 35 additions & 1 deletion

File tree

x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/mergers/apply_rule_patch.test.ts

Lines changed: 32 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -453,4 +453,36 @@ describe('applyRulePatch', () => {
453453
})
454454
).rejects.toThrowError('new_terms_fields: Expected array, received string');
455455
});
456+
457+
test('should retain existing required_fields when not present in rule patch body', async () => {
458+
const rulePatch = {
459+
name: 'new name',
460+
} as PatchRuleRequestBody;
461+
const existingRule = {
462+
...getRulesSchemaMock(),
463+
required_fields: [
464+
{
465+
name: 'event.action',
466+
type: 'keyword',
467+
ecs: true,
468+
},
469+
],
470+
};
471+
const patchedRule = await applyRulePatch({
472+
rulePatch,
473+
existingRule,
474+
prebuiltRuleAssetClient,
475+
});
476+
expect(patchedRule).toEqual(
477+
expect.objectContaining({
478+
required_fields: [
479+
{
480+
name: 'event.action',
481+
type: 'keyword',
482+
ecs: true,
483+
},
484+
],
485+
})
486+
);
487+
});
456488
});

x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/mergers/apply_rule_patch.ts

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -92,7 +92,9 @@ export const applyRulePatch = async ({
9292
meta: rulePatch.meta ?? existingRule.meta,
9393
max_signals: rulePatch.max_signals ?? existingRule.max_signals,
9494
related_integrations: rulePatch.related_integrations ?? existingRule.related_integrations,
95-
required_fields: addEcsToRequiredFields(rulePatch.required_fields),
95+
required_fields: rulePatch.required_fields
96+
? addEcsToRequiredFields(rulePatch.required_fields)
97+
: existingRule.required_fields,
9698
risk_score: rulePatch.risk_score ?? existingRule.risk_score,
9799
risk_score_mapping: rulePatch.risk_score_mapping ?? existingRule.risk_score_mapping,
98100
rule_name_override: rulePatch.rule_name_override ?? existingRule.rule_name_override,

0 commit comments

Comments
 (0)