[Security Solution] Support rule type change during upgrade#200199
[Security Solution] Support rule type change during upgrade#200199xcrzx merged 5 commits intoelastic:mainfrom xcrzx:rule-type-change
Conversation
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
|
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management) |
maximpn
left a comment
There was a problem hiding this comment.
@xcrzx thanks for addressing rule type change 👍
I don't any critical comments though some of them worth to be checked before approval. The only concern that I have is related to rules without customization. We still show a callout for such rules and users might be confused by the message
Testing didn't reveal any issues. Rule upgrade works w/ and w/o feature flag enabled.
There was a problem hiding this comment.
nit: Shouldn't it be PerformUpgradeSpecificRulesRequest?
There was a problem hiding this comment.
I'm curious on your thoughts on shouldn't we use translation keys like xpack.securitySolution.ruleManagement... or xpack.securitySolution.detectionEngine.ruleManagement...?
Rule management is considered a part of Detection Engine though Rule Management and Detection Engine are kind of independent things.
There was a problem hiding this comment.
nit: Maybe we could move out upgradeRulesToResolved and upgradeRulesToTarget to a separate hooks? This will make UpgradePrebuiltRulesTableContextProvider smaller and simpler to comprehend.
There was a problem hiding this comment.
| let updateTabContent = ( | |
| <PerFieldRuleDiffTab | |
| header={hasRuleTypeChange ? <RuleTypeChangeCallout /> : null} | |
| ruleDiff={ruleUpgradeState.diff} | |
| /> | |
| ); | |
| // Show the resolver tab only if rule customization is enabled and there | |
| // is no rule type change. In case of rule type change users can't resolve | |
| // conflicts, only accept the target rule. | |
| if (isPrebuiltRulesCustomizationEnabled && !hasRuleTypeChange) { | |
| updateTabContent = ( | |
| <RuleUpgradeConflictsResolverTab | |
| ruleUpgradeState={ruleUpgradeState} | |
| setRuleFieldResolvedValue={setRuleFieldResolvedValue} | |
| /> | |
| ); | |
| } | |
| // Show the resolver tab only if rule customization is enabled and there | |
| // is no rule type change. In case of rule type change users can't resolve | |
| // conflicts, only accept the target rule. | |
| const updateTabContent = | |
| isPrebuiltRulesCustomizationEnabled && !hasRuleTypeChange ? ( | |
| <RuleUpgradeConflictsResolverTab | |
| ruleUpgradeState={ruleUpgradeState} | |
| setRuleFieldResolvedValue={setRuleFieldResolvedValue} | |
| /> | |
| ) : ( | |
| <PerFieldRuleDiffTab | |
| header={hasRuleTypeChange ? <RuleTypeChangeCallout /> : null} | |
| ruleDiff={ruleUpgradeState.diff} | |
| /> | |
| ); |
There was a problem hiding this comment.
Technically it's not a header according to the use case scenario. Semantically headers should be wrapped in h1-6 tags. In fact we display a warning here. On top of that the component already has a header RuleDiffHeaderBar. Maybe we could use standard children prop or just rename it to headerAppend?
There was a problem hiding this comment.
I think you are confusing heading elements with headers.
There was a problem hiding this comment.
Using diff.fields.version?.target_version or rulesUpgradeState[ruleId].current_rule.version looks weird or I miss something here.
The logic is straightforward. There is a diff if we have some fields changed in a new prebuilt rules package version. When one or more fields changed it's expected to have version bumped. This way version will always be in the diff and it equals to target_rule.version.
Could we use version: rulesUpgradeState[ruleId].target_rule.version here?
There was a problem hiding this comment.
I don't know why this logic was written in this specific way, but using version: rulesUpgradeState[ruleId].target_rule.version seems more straightforward to me
As discussed during demo, I'll add a separate task to introduce a better handling of the situation when rules are not customized. But currently, it is not a priority |
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]Module Count
Async chunks
History
cc @xcrzx |
|
Starting backport for target branches: 8.x |
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
…00199) (#202048) # Backport This will backport the following commits from `main` to `8.x`: - [[Security Solution] Support rule type change during upgrade (#200199)](#200199) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Dmitrii Shevchenko","email":"dmitrii.shevchenko@elastic.co"},"sourceCommit":{"committedDate":"2024-11-27T17:59:42Z","message":"[Security Solution] Support rule type change during upgrade (#200199)","sha":"1dd2400642cbd764963da13713e6cd0aac890300","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","backport:version","v8.18.0"],"title":"[Security Solution] Support rule type change during upgrade","number":200199,"url":"https://github.com/elastic/kibana/pull/200199","mergeCommit":{"message":"[Security Solution] Support rule type change during upgrade (#200199)","sha":"1dd2400642cbd764963da13713e6cd0aac890300"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/200199","number":200199,"mergeCommit":{"message":"[Security Solution] Support rule type change during upgrade (#200199)","sha":"1dd2400642cbd764963da13713e6cd0aac890300"}},{"branch":"8.x","label":"v8.18.0","branchLabelMappingKey":"^v8.18.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Dmitrii Shevchenko <dmitrii.shevchenko@elastic.co>
Resolves: #180395
Summary
Supports rule type change when upgrading a rule to a newer version, covering scenarios where the current version's rule type differs from the target version. Regardless of the feature flag, the rule should be updated to the
targetversion.Behavior with Rule Customization OFF
No changes expected. A rule with a rule type change can be updated through:
Behavior with Rule Customization ON
Regardless of whether the rule has customizations:
The update flyout includes a warning message, advising users to back up any customizations the rule may have. The flyout is in read-only mode: