[Security Solution][EDR] Fix import of endpoint exceptions #233142
Pinging @elastic/security-defend-workflows (Team:Defend Workflows)
| export default function ({ getService }: FtrProviderContext) { | ||
| const endpointArtifactTestResources = getService('endpointArtifactTestResources'); | ||
| const utils = getService('securitySolutionUtils'); |
From what I recall, these callbacks have relatively low test coverage. Could we at least add a few error-handling tests?
What do you mean by Error handling?
Also - FYI: there are tests for endpoint exceptions that will be transitioned to be owned by our team as you all work on migrating the endpoint exceptions to our area of the UI. I don't know what the coverage is like there.
OH. Wait. I think you mean error conditions that test the code that was already there in the import extension point.
I'll add some tests :)
FYI: I added tests to ensure we get an error for every other artifact
Sorry for the unclear comment earlier, and thanks for addressing it anyway 🙂
| .send() | ||
| .expect(200); | ||
|
|
||
| expect(body.data.length).to.eql(3); |
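Review bot: the closing assertion `expect(body.data.length).to.eql(3)` only checks how many items come back in `body.data`, so it would still pass if those items were returned without the expected tag. Consider adding an assertion on the tags of each returned item, and a short comment stating what the count of 3 is meant to prove.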
could you please refactor or just comment this test so it's a bit easier to understand? also, could you help me understand? : )
so 3 list items are imported, 1 with policy:all tag, 2 without it. how does this GET _find api call test this?
So the bug was: imported items were not returned on the GET request. They were imported, but never returned.
This test imports 3 items: some have the Global tag; others don't.... but after the import, all 3 items should be returned - which means that the fix that was applied is working
I will add a comment to this assertion to indicate this. Was there anything else that I can help clarify for you?
thanks for the explanation, all clear. i think this is a good regression test to ensure we don't have the original bug, but it is too indirect for testing that the global artifact tag is really added.
could we also check if the tags are really present either here or in unit test level?
Sure. I will add a check here to ensure the tag was added
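The import bug and the two checks discussed in this thread, as a simplified model (an added example, not code from the PR or from Kibana). `policy:all` is the tag named in the review comment above; the item shape, the tag-based read filter and all function names are assumptions made for illustration.

```typescript
// Simplified model, not Kibana code. GLOBAL_TAG is the `policy:all` tag named
// in the review thread; the item shape and function names are hypothetical.
const GLOBAL_TAG = 'policy:all';

interface ExceptionItem {
  item_id: string;
  tags: string[];
}

function hasGlobalTag(item: ExceptionItem): boolean {
  return item.tags.indexOf(GLOBAL_TAG) !== -1;
}

// Pre-import step: every endpoint exception must carry the global tag.
// Returns new objects; existing tags are kept and the tag is never duplicated.
function ensureGlobalTag(items: ExceptionItem[]): ExceptionItem[] {
  return items.map((item) => ({
    ...item,
    tags: hasGlobalTag(item) ? [...item.tags] : [...item.tags, GLOBAL_TAG],
  }));
}

// Stand-in for the read path (assumption): only globally tagged items are returned.
function findVisible(stored: ExceptionItem[]): ExceptionItem[] {
  return stored.filter(hasGlobalTag);
}

// Constructed import payload: one item already tagged, two without the tag.
const importedItems: ExceptionItem[] = [
  { item_id: 'exception-1', tags: [GLOBAL_TAG] },
  { item_id: 'exception-2', tags: [] },
  { item_id: 'exception-3', tags: ['custom-label'] },
];

// Without the fix, items are stored as imported: two of the three are hidden.
const visibleWithoutFix = findVisible(importedItems);

// With the fix, the count check (regression test) passes, and the direct check
// confirms the tag is present exactly once on every returned item.
const visibleWithFix = findVisible(ensureGlobalTag(importedItems));
const everyItemTaggedOnce = visibleWithFix.every(
  (item) => item.tags.filter((tag) => tag === GLOBAL_TAG).length === 1
);

console.log(visibleWithoutFix.length, visibleWithFix.length, everyItemTaggedOnce);
```

The count check alone would also pass if the read filter were loosened instead of the items being tagged, which is why the per-item tag check is the stronger assertion.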
…int-exceptions' into task/olm-230679-fix-import-endpoint-exceptions
…-import-endpoint-exceptions
Starting backport for target branches: 9.1
💚 Build Succeeded
💔 All backports failed
…33142) ## Summary - Fix import of Endpoint Exceptions to ensure they are made visible and accessible via API - A bug was introduced with `v9.1.0`, as part of support for Spaces, that made imported endpoint exceptions unaccessible after import. Items were imported into the index, but they did not include a `tag` indicating that the exception is Global. This was a new requirement with `v9.1.0`
💚 All backports created successfully
…33142) ## Summary - Fix import of Endpoint Exceptions to ensure they are made visible and accessible via API - A bug was introduced with `v9.1.0`, as part of support for Spaces, that made imported endpoint exceptions unaccessible after import. Items were imported into the index, but they did not include a `tag` indicating that the exception is Global. This was a new requirement with `v9.1.0` (cherry picked from commit 5be7a8f) # Conflicts: # x-pack/solutions/security/plugins/security_solution/server/lists_integration/endpoint/handlers/exceptions_pre_import_handler.ts # x-pack/solutions/security/test/security_solution_endpoint/services/endpoint_artifacts.ts
…3142) (#233890) # Backport This will backport the following commits from `main` to `9.1`: - [[Security Solution][EDR] Fix import of endpoint exceptions (#233142)](#233142) ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport)
Summary
- Fix import of Endpoint Exceptions to ensure they are made visible and accessible via API
- A bug was introduced with `v9.1.0`, as part of support for Spaces, that made imported endpoint exceptions unaccessible after import. Items were imported into the index, but they did not include a `tag` indicating that the exception is Global. This was a new requirement with `v9.1.0`