[Security Solution] Adds diff algorithm and unit tests for query fields#190179
Merged
dplumlee merged 12 commits intoelastic:mainfrom Sep 9, 2024
Merged
[Security Solution] Adds diff algorithm and unit tests for query fields#190179dplumlee merged 12 commits intoelastic:mainfrom
query fields#190179dplumlee merged 12 commits intoelastic:mainfrom
Conversation
Contributor
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
Contributor
|
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management) |
Contributor
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
8 tasks
Contributor
|
@dplumlee I'm gonna continue reviewing next week cause I gotta handle some SDHs today but:
So let's just use the simple diffing algorithm for the |
2 tasks
jpdjere
reviewed
Sep 9, 2024
Comment on lines
485
to
516
Contributor
There was a problem hiding this comment.
Not sure I understand these two scenarios as described here:
returns target_version as merged output if all versions are the same: Do you mean hereif current and target versions have the same type?returns target_version as merged output if all versions are different: Did you mean hereif current and target versions have different type? In that case it doesn't match the input data, which are both ofsaved_querytype.
Contributor
Author
There was a problem hiding this comment.
Yeah I meant if both versions had the same/different type fields, I'll switch it over 👍
jpdjere
reviewed
Sep 9, 2024
Comment on lines
39
to
49
Contributor
There was a problem hiding this comment.
This is unused now, right? Let's delete it for now then.
jpdjere
approved these changes
Sep 9, 2024
Contributor
jpdjere
left a comment
There was a problem hiding this comment.
Leaving my approval because overall LGTM ✅ but please take a look at the two comments I left before merging.
eb1d612 to
8263b1a
Compare
💚 Build Succeeded
Metrics [docs]
History
To update your PR or re-run it, just comment with: cc @dplumlee |
This was referenced Sep 10, 2024
1 task
dplumlee
added a commit
that referenced
this pull request
Sep 16, 2024
) ## Summary Related ticket: #187658 Adds test plan for diff algorithm for arrays of scalar values implemented here: #190179 ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Sep 16, 2024
…tic#192529) ## Summary Related ticket: elastic#187658 Adds test plan for diff algorithm for arrays of scalar values implemented here: elastic#190179 ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) (cherry picked from commit 6680f35)
kibanamachine
referenced
this pull request
Sep 16, 2024
… algorithm (#192529) (#193062) # Backport This will backport the following commits from `main` to `8.x`: - [[Security Solution] Test plan for `query` fields diff algorithm (#192529)](#192529) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Davis Plumlee","email":"56367316+dplumlee@users.noreply.github.com"},"sourceCommit":{"committedDate":"2024-09-16T17:19:39Z","message":"[Security Solution] Test plan for `query` fields diff algorithm (#192529)\n\n## Summary\r\n\r\nRelated ticket: https://github.com/elastic/kibana/issues/187658\r\n\r\nAdds test plan for diff algorithm for arrays of scalar values\r\nimplemented here: https://github.com/elastic/kibana/pull/190179\r\n\r\n\r\n### For maintainers\r\n\r\n- [ ] This was checked for breaking API changes and was [labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"6680f35ef94286d34dd5c56e28575b31eab70836","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","test-plan","v9.0.0","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","v8.16.0"],"title":"[Security Solution] Test plan for `query` fields diff algorithm","number":192529,"url":"https://github.com/elastic/kibana/pull/192529","mergeCommit":{"message":"[Security Solution] Test plan for `query` fields diff algorithm (#192529)\n\n## Summary\r\n\r\nRelated ticket: https://github.com/elastic/kibana/issues/187658\r\n\r\nAdds test plan for diff algorithm for arrays of scalar values\r\nimplemented here: https://github.com/elastic/kibana/pull/190179\r\n\r\n\r\n### For maintainers\r\n\r\n- [ ] This was checked for breaking API changes and was [labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"6680f35ef94286d34dd5c56e28575b31eab70836"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/192529","number":192529,"mergeCommit":{"message":"[Security Solution] Test plan for `query` fields diff algorithm (#192529)\n\n## Summary\r\n\r\nRelated ticket: https://github.com/elastic/kibana/issues/187658\r\n\r\nAdds test plan for diff algorithm for arrays of scalar values\r\nimplemented here: https://github.com/elastic/kibana/pull/190179\r\n\r\n\r\n### For maintainers\r\n\r\n- [ ] This was checked for breaking API changes and was [labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"6680f35ef94286d34dd5c56e28575b31eab70836"}},{"branch":"8.x","label":"v8.16.0","branchLabelMappingKey":"^v8.16.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Davis Plumlee <56367316+dplumlee@users.noreply.github.com>
dplumlee
added a commit
that referenced
this pull request
Sep 16, 2024
…92655) ## Summary Completes #187658 Switches `kql_query`, `eql_query`, and `esql_query` fields to use the implemented diff algorithms assigned to them in #190179 Adds integration tests in accordance to #192529 for the `upgrade/_review` API endpoint for the `query` field diff algorithms. ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Sep 17, 2024
…astic#192655) ## Summary Completes elastic#187658 Switches `kql_query`, `eql_query`, and `esql_query` fields to use the implemented diff algorithms assigned to them in elastic#190179 Adds integration tests in accordance to elastic#192529 for the `upgrade/_review` API endpoint for the `query` field diff algorithms. ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) (cherry picked from commit ceb1b1a)
kibanamachine
added a commit
that referenced
this pull request
Sep 17, 2024
…f algorithms (#192655) (#193108) # Backport This will backport the following commits from `main` to `8.x`: - [[Security Solution] Integration tests for `query` diff algorithms (#192655)](#192655) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Davis Plumlee","email":"56367316+dplumlee@users.noreply.github.com"},"sourceCommit":{"committedDate":"2024-09-16T23:58:55Z","message":"[Security Solution] Integration tests for `query` diff algorithms (#192655)\n\n## Summary\r\n\r\nCompletes https://github.com/elastic/kibana/issues/187658\r\n\r\n\r\nSwitches `kql_query`, `eql_query`, and `esql_query` fields to use the\r\nimplemented diff algorithms assigned to them in\r\nhttps://github.com//pull/190179\r\n\r\n\r\nAdds integration tests in accordance to\r\nhttps://github.com//pull/192529 for the `upgrade/_review`\r\nAPI endpoint for the `query` field diff algorithms.\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [x] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed\r\n\r\n\r\n### For maintainers\r\n\r\n- [ ] This was checked for breaking API changes and was [labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"ceb1b1a4bf253ac94f9ba0ba649e9a4908a76c51","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["test","release_note:skip","v9.0.0","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","v8.16.0"],"title":"[Security Solution] Integration tests for `query` diff algorithms","number":192655,"url":"https://github.com/elastic/kibana/pull/192655","mergeCommit":{"message":"[Security Solution] Integration tests for `query` diff algorithms (#192655)\n\n## Summary\r\n\r\nCompletes https://github.com/elastic/kibana/issues/187658\r\n\r\n\r\nSwitches `kql_query`, `eql_query`, and `esql_query` fields to use the\r\nimplemented diff algorithms assigned to them in\r\nhttps://github.com//pull/190179\r\n\r\n\r\nAdds integration tests in accordance to\r\nhttps://github.com//pull/192529 for the `upgrade/_review`\r\nAPI endpoint for the `query` field diff algorithms.\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [x] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed\r\n\r\n\r\n### For maintainers\r\n\r\n- [ ] This was checked for breaking API changes and was [labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"ceb1b1a4bf253ac94f9ba0ba649e9a4908a76c51"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/192655","number":192655,"mergeCommit":{"message":"[Security Solution] Integration tests for `query` diff algorithms (#192655)\n\n## Summary\r\n\r\nCompletes https://github.com/elastic/kibana/issues/187658\r\n\r\n\r\nSwitches `kql_query`, `eql_query`, and `esql_query` fields to use the\r\nimplemented diff algorithms assigned to them in\r\nhttps://github.com//pull/190179\r\n\r\n\r\nAdds integration tests in accordance to\r\nhttps://github.com//pull/192529 for the `upgrade/_review`\r\nAPI endpoint for the `query` field diff algorithms.\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [x] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed\r\n\r\n\r\n### For maintainers\r\n\r\n- [ ] This was checked for breaking API changes and was [labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"ceb1b1a4bf253ac94f9ba0ba649e9a4908a76c51"}},{"branch":"8.x","label":"v8.16.0","branchLabelMappingKey":"^v8.16.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Davis Plumlee <56367316+dplumlee@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Related ticket: #187658
Adds diff algorithm for all the grouped
queryfields we have in theDiffableRuletype and prebuilt rule upgrade workflow. These includekql_query(both inline and saved query),eql_query, andesql_query. Also adds unit tests for all three algorithms.Checklist
Delete any items that are not applicable to this PR.
For maintainers