[Cloud Security ] 12165 update UI handling of multiple CVEs and package fields#216411
[Cloud Security ] 12165 update UI handling of multiple CVEs and package fields#216411alexreal1314 merged 27 commits intomainfrom
Conversation
|
Cloud deployment initiated, see credentials at: https://buildkite.com/elastic/kibana-deploy-cloud-from-pr/builds/127 |
b3694e1 to
79ea6b7
Compare
| firstItemRenderer?: (item: K) => React.ReactNode; | ||
| } | ||
|
|
||
| const MultiValueCellPopoverComponent = <T, K = string>({ |
There was a problem hiding this comment.
I was thinking about making this component a wrapper to EuiPopover that displays a badge and gets array of items and a render function but there are few issues with that approach:
- if vulnerability.id = ['a'] in that case if we don't render the first item here then the consumer should render it. So we will end up with a '+ 0' text in the badge since we are displaying the amount of items left - 1. That leads to the next issue.
- To avoid displaying '+ 0' badge we need to check if the array's length is bigger than 1 - in that case we rely on the consumer to display the first item - IMO it leads to split responsibility between consumer and component, risk of inconsistency if conusmers doesn't handle single item case and if we add items.length - 1 logic to the component it is coupled with display logic.
E.G consumer will do something like this:
therefore we hide this logic in the component and render it as it is or allow the user to pass optional param firstItemRenderer function to handle the first item rendering. So this component handles the first item and the subsequent ones are rendered in the popover. it is possible to render only the badge and pass firstItemRenderer as an empty function.
Other params are:
- items , which are the items to be renders in the popover.
- field - the field we are rendering - e.g 'vulnerability.id', 'package.name' etc.
- object - the object which the value is extracted from, needed for the renderItem callback.
- renderItem function - renders each item in the popover
- firstItemRenderer optional - custom render function to handle first item.
There was a problem hiding this comment.
I think the proposal makes sense, as it aims on flexbility and reusability
|
Pinging @elastic/kibana-cloud-security-posture (Team:Cloud Security) |
8c8be35 to
204fc04
Compare
204fc04 to
c2c7528
Compare
d49e639 to
3060d38
Compare
JordanSh
left a comment
There was a problem hiding this comment.
some minor comments, mainly around namings, but i do think its important in this case.
...ions/security/packages/kbn-cloud-security-posture/public/src/components/actionable_badge.tsx
Outdated
Show resolved
Hide resolved
| onMouseLeave={handleMouseLeave} | ||
| css={css` | ||
| position: fixed; | ||
| z-index: 9000; |
There was a problem hiding this comment.
please use z index from euiTheme
There was a problem hiding this comment.
please use z index from
euiTheme
Yes, z-index levels can be tricky to maintain. As an example, if everyone were using arbitrary values, Kibana could end up with several components overriding each other, so ideally, we should use the appropriate levels token according to the context where it's being rendered.
There was a problem hiding this comment.
Also, could you consider taking a look at EuiPortal instead of createPortal to see if it works for us? It seems to work by relying on using natural order where it adds the element of the portal on the end of the page, so it leverages natural z-index stacking, and then we (hopefully) wouldn't even need to worry about z-index
...ions/security/packages/kbn-cloud-security-posture/public/src/components/actionable_badge.tsx
Outdated
Show resolved
Hide resolved
x-pack/solutions/security/plugins/cloud_security_posture/public/components/copy_button.tsx
Outdated
Show resolved
Hide resolved
| { id: VULNERABILITY_FIELDS.VULNERABILITY_ID, width: 130 }, | ||
| { id: VULNERABILITY_FIELDS.SCORE_BASE, width: 80 }, | ||
| { id: VULNERABILITY_FIELDS.VULNERABILITY_TITLE, width: 160 }, | ||
| { id: VULNERABILITY_FIELDS.VULNERABILITY_ID, width: 180 }, |
There was a problem hiding this comment.
a small ux improvement could be that regardless of the columns width, the expand badge should always show. meaning the text should truncate to fit the column's width including the expand badge. it shouldn't be too complicated but if that turns out to be so, its not a must
There was a problem hiding this comment.
@JordanSh you mean the expand badge which is the first column or the cve column badge?
| const { setUrlQuery } = useUrlQuery<URLQuery>(getPersistedDefaultQuery); | ||
|
|
||
| const onAddFilter = useCallback( | ||
| (clickedField: string, values: string | string[], operation: '+' | '-') => { |
There was a problem hiding this comment.
i suggest to use 'add-filter' 'remove-filter' instead of +-
also, im not sure but i think we already have a hook that does that, or maybe it was removed when we changed to the UnifiedDataTable? @opauloh do you know?
There was a problem hiding this comment.
@JordanSh I'm using filterManager which is what is used in other places, and since it accepts '+' or '-' types I don't see the reason to create another type and then map it to this type.
const onAddFilter = useCallback<AddFieldFilterHandler>( (clickedField, value, operation) => { const newFilters = generateFilters(filterManager, clickedField, value, operation, dataView); filterManager.addFilters(newFilters); setUrlQuery({ filters: filterManager.getFilters(), }); }, [dataView, filterManager, setUrlQuery] );
export type AddFieldFilterHandler = ( field: string, value: unknown, type: '+' | '-' ) => void;
| ); | ||
|
|
||
| const renderItem = useCallback( | ||
| (item: string, i: number, field: string, object: CspVulnerabilityFinding) => { |
There was a problem hiding this comment.
kind of a nit pick since its only within this function's scope but i would suggest not to use generic names like 'object', you could call this a finding or a document, it makes the rest of the code easier to read
There was a problem hiding this comment.
@JordanSh Its not necessarily a finding or a document it could be any json. Regarding the naming I changed the function name to better represent what we are rendering when passing it as a param but the 'object' name should remain because the signature of the callback function is:
interface MultiValueCellPopoverProps<T, K = string> { items: K[]; field: string; object: T; renderItem: (item: K, i: number, field: string, object: T) => React.ReactNode; firstItemRenderer?: (item: K) => React.ReactNode; }
...plugins/cloud_security_posture/public/pages/vulnerabilities/latest_vulnerabilities_table.tsx
Outdated
Show resolved
Hide resolved
opauloh
left a comment
There was a problem hiding this comment.
I added a few comments and suggestions, but overall, it's a great job 💯
| onMouseLeave={handleMouseLeave} | ||
| css={css` | ||
| position: fixed; | ||
| z-index: 9000; |
There was a problem hiding this comment.
please use z index from
euiTheme
Yes, z-index levels can be tricky to maintain. As an example, if everyone were using arbitrary values, Kibana could end up with several components overriding each other, so ideally, we should use the appropriate levels token according to the context where it's being rendered.
...ions/security/packages/kbn-cloud-security-posture/public/src/components/actionable_badge.tsx
Outdated
Show resolved
Hide resolved
| onMouseLeave={handleMouseLeave} | ||
| css={css` | ||
| position: fixed; | ||
| z-index: 9000; |
There was a problem hiding this comment.
Also, could you consider taking a look at EuiPortal instead of createPortal to see if it works for us? It seems to work by relying on using natural order where it adds the element of the portal on the end of the page, so it leverages natural z-index stacking, and then we (hopefully) wouldn't even need to worry about z-index
...ions/security/packages/kbn-cloud-security-posture/public/src/components/actionable_badge.tsx
Outdated
Show resolved
Hide resolved
...ions/security/packages/kbn-cloud-security-posture/public/src/components/actionable_badge.tsx
Outdated
Show resolved
Hide resolved
...ions/security/packages/kbn-cloud-security-posture/public/src/components/actionable_badge.tsx
Show resolved
Hide resolved
| firstItemRenderer?: (item: K) => React.ReactNode; | ||
| } | ||
|
|
||
| const MultiValueCellPopoverComponent = <T, K = string>({ |
There was a problem hiding this comment.
I think the proposal makes sense, as it aims on flexbility and reusability
…tagrid and flyout
…ability to CVE ID column header
update flyout overview tab to support multiple cves, published date move to be above alerts section
…vulnerabilities data table
…le in both from alerts and vulnerabilities data grid pages
3aa0c21 to
dd1c48a
Compare
49a1168 to
a7f6056
Compare
…grid styling adjust flyout font style
a7f6056 to
0c071c3
Compare
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]Module Count
Public APIs missing comments
Async chunks
History
|
opauloh
left a comment
There was a problem hiding this comment.
LGTM - thanks for addressing the suggestions!
…1302) ## Summary This PR backports changes related to Qualys VMDR added integration support that were merged to version 9.1.0. PRs backported: - #213039 - #216411 ### Identify risks Thorough sanity check need to be made before merging since a lot of conflicts were fixed manually. --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Maxim Kholod <maxim.kholod@elastic.co>
Summary
This PR updates the rendering of multi value fields - vulnerability.id, package.name, package.version and package.fixed_version in the vulnerabilities data-grid page and alerts insights vulnerabilities tab data grid.
It also updates the rendering of package.* fields in the vulnerabilities flyout and both flyout and data grids are re using the same kbn package component to display it.
Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
release_note:*label is applied per the guidelinesScreen recording
Screen.Recording.2025-04-06.at.12.18.11.mov