[Osquery] Remove @kbn/timelines-plugin dependency from osquery plugin#250055
[Osquery] Remove @kbn/timelines-plugin dependency from osquery plugin#250055tomsonpl merged 17 commits intoelastic:mainfrom
Conversation
- Create local DataProvider and AddToTimelineHandler types in osquery
to avoid direct dependency on timelines plugin
- Refactor AddToTimelineButton to require addToTimeline callback prop
instead of using timelines service directly
- Pass addToTimeline handler from security solution context
(OsqueryFlyout, ResponseActionsResults) down to osquery components
- Remove timelines from osquery's StartPlugins, moon.yml, and tsconfig.json
- Re-enable previously broken timelines and cases cypress test
|
/ci |
|
/ci |
|
/ci |
|
/ci |
|
/ci |
|
/ci |
|
/ci |
|
/ci |
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]Module Count
Async chunks
Unknown metric groupsReferences to deprecated APIs
Unreferenced deprecated APIs
History
cc @tomsonpl |
ashokaditya
left a comment
There was a problem hiding this comment.
Did code review only and looks good to me. I've a few questions and suggestions but otherwise good to go.
| }); | ||
|
|
||
| it('should add result a case and have add to timeline in result', () => { | ||
| it('should add result a case and not have add to timeline in result', () => { |
There was a problem hiding this comment.
This test description doesn't make sense. Consider updating it. should add result to a case and not show timeline in result? Also is this test asserting two things?
There was a problem hiding this comment.
Thanks, rephrased 👍
| * Hook that returns a callback to add data providers to the active timeline. | ||
| * Shows a success toast notification after adding. | ||
| */ | ||
| export const useAddToTimeline = () => { |
There was a problem hiding this comment.
Consider adding a return type to this hook.
| value: string | string[]; | ||
| operator: ':' | ':*' | 'includes'; | ||
| }; | ||
| and: DataProvider[]; |
There was a problem hiding this comment.
You need to exclude this and from the type assigned to and no? Something like
and: Omit<DataProvider, 'and'>[] unless you want a recursive entry for and?
There was a problem hiding this comment.
Good catch! However, the recursive and: DataProvider[] (now OsqueryDataProvider[]) is intentional here.
The original DataProvider type in @kbn/timelines-plugin uses the same recursive structure:
// From timelines plugin
export interface DataProvider {
// ...
and: DataProvider[];
}
Since this local type is meant to be compatible with the timelines plugin's type (so that useAddToTimeline in security_solution can accept it), I've kept the same recursive structure to ensure type compatibility at the boundary where osquery passes providers to security_solution.
In practice, the osquery code always sets and: [] (empty array), so the recursion is never actually used - but keeping the type signature aligned avoids potential type mismatches.
Would that be ok with you?
There was a problem hiding this comment.
Just to confirm, I notice the the original Timelines DataProvider['and'] (and also the security solutions copy) also excludes itself from the type.
There was a problem hiding this comment.
Oh, you're actually right, I missed it. Fixed with Omit<> :) Thanks! 👍
| * This is a local definition to avoid direct dependency on @kbn/timelines-plugin. | ||
| * The structure is compatible with the timelines plugin's DataProvider type. | ||
| */ | ||
| export interface DataProvider { |
There was a problem hiding this comment.
Maybe name this something else so devs don't auto-import this type by mistake (via code editors) instead of the timelines one? @deprecated might also help warn devs.
There was a problem hiding this comment.
Good point, renamed to OsqueryDataProvider 👍
- Fix test description grammar in cases.cy.ts - Add return type to useAddToTimeline hook - Rename DataProvider → OsqueryDataProvider to avoid import confusion
…ern and prevent unnecessary recursion
|
/ci |
## Summary #250055 is removing the dependency `osquery => timelines`, which was forcing the `@kbn/timelines-plugin` to be part of _platform/shared_. The goal of this PR is to relocate the `@kbn/timelines-plugin` to _security/private_ (after the PR above is merged). --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary elastic#250055 is removing the dependency `osquery => timelines`, which was forcing the `@kbn/timelines-plugin` to be part of _platform/shared_. The goal of this PR is to relocate the `@kbn/timelines-plugin` to _security/private_ (after the PR above is merged). --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> (cherry picked from commit 3b61978)
…iew_cps * commit '5f7fec57cb01883038810bd735a0666683b49904': (116 commits) [Security Solution][Attacks/Alerts][Setup and miscellaneous] Advanced setting to control feature visibility (elastic#250157) (elastic#250830) Fix synthtrace `fetch` usage (elastic#250950) [APM] Add Nodes and Edges components and selection logic (elastic#250937) [Docs] Update alerting-settings.md and add serverless value for one parameter (elastic#250842) [Agent Builder] filestore: initial implementation (elastic#250043) [CPS] Support CPS in Vega ESQL (elastic#250693) Adjustments to cascade document esql helpers (elastic#250560) [Security Solutions] Trial Companion - adds ai chat and elastic agent detectors (elastic#250908) [Obs Presentation] Code Scanning Alert Fixes (elastic#250858) [performance] add return and refresh render scenarios to dashboard journeys (elastic#250939) skip failing test suite (elastic#245458) Add Cloud Forwarder onboarding tile to O11y Solution (elastic#250325) [Traces] Remove APM unified trace waterall embeddable registration (elastic#250808) [Discover] [Metrics] Fix: metrics grid titles do not update on order change (elastic#250963) [a11y] Fix Eui modal title annoucment (elastic#250459) [Cloud Security] [Fleet] Add cloud connector access scope for input or package level credential definitions (elastic#250280) [WorkplaceAI] SharePoint Online stack connector (elastic#248737) [Response Ops][Task Manager] Update functions do not handle API key invalidation (elastic#249109) [Osquery] Remove @kbn/timelines-plugin dependency from osquery plugin (elastic#250055) [One Discover][Logs UX] Update OpenTelemetry Semantic Conventions (elastic#250346) ...
## Summary elastic#250055 is removing the dependency `osquery => timelines`, which was forcing the `@kbn/timelines-plugin` to be part of _platform/shared_. The goal of this PR is to relocate the `@kbn/timelines-plugin` to _security/private_ (after the PR above is merged). --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
This PR fixes a bug where
Add to timelinesfunctionality doesn't work in Osquery. It removes the dependency between Osquery and Timelines plugins. Timelines in Osquery is being used only from the Security Solution context - so we pass down Timelines logic through props. Instead of using it out of Osquery context (since the bug prevented this logic anyway, we were missing proper confiugration inkibana.jsoncfile)