Skip to content

Allow security_rule objects to have rule IDs different from the object IDs#463

Merged
mrodm merged 1 commit intoelastic:mainfrom
xcrzx:security-rule-ids
Jan 18, 2023
Merged

Allow security_rule objects to have rule IDs different from the object IDs#463
mrodm merged 1 commit intoelastic:mainfrom
xcrzx:security-rule-ids

Conversation

@xcrzx
Copy link
Copy Markdown
Contributor

@xcrzx xcrzx commented Jan 16, 2023
edited
Loading

What does this PR do?

Change validation check that enforces saved object ID to match rule_id for security solution prebuilt detection rules. Allow saved object IDs to have arbitrary suffixes.

Why is it important?

Security Solution migrates the detection rules package from storing a single saved object per rule to multiple saved objects. See elastic/kibana#137420 for more context regarding the change.

The package will contain rule saved objects with rule id and version in the name (security_rule/[ruleId]_[ruleVersion].json) with the following content:

{
  "id": "[ruleId]_[ruleVersion]",
  "type": "security-rule",
  "attributes": {
    "rule_id": "[ruleId]",
    "version": "[ruleVersion]",
    // Other rule attributes
  }
}

So the saved object ID and the rule ID do not match anymore, making this validation check always return an error.

Checklist

Related issues

@elasticmachine
Copy link
Copy Markdown

elasticmachine commented Jan 16, 2023
edited
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2023-01-17T17:38:38.161+0000

  • Duration: 8 min 54 sec

Test stats 🧪

Test Results
Failed 0
Passed 682
Skipped 0
Total 682

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

@xcrzx xcrzx force-pushed the security-rule-ids branch from 0cc0050 to e46da14 Compare January 16, 2023 14:25
@elasticmachine
Copy link
Copy Markdown

elasticmachine commented Jan 16, 2023
edited
Loading

🌐 Coverage report

Name Metrics % (covered/total) Diff
Packages 100.0% (7/7) 💚
Files 68.0% (17/25) 👍
Classes 76.471% (26/34) 👍
Methods 56.075% (60/107) 👍
Lines 41.933% (538/1283) 👎 -0.296
Conditionals 100.0% (0/0) 💚

@xcrzx xcrzx marked this pull request as ready for review January 16, 2023 14:44
@xcrzx xcrzx requested a review from a team as a code owner January 16, 2023 14:44
@xcrzx xcrzx force-pushed the security-rule-ids branch from e46da14 to 60354cb Compare January 17, 2023 12:43
@xcrzx xcrzx self-assigned this Jan 17, 2023
banderror
banderror previously approved these changes Jan 17, 2023
View reviewed changes
Copy link
Copy Markdown

@banderror banderror left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

mrodm
mrodm reviewed Jan 17, 2023
View reviewed changes
Copy link
Copy Markdown
Contributor

@mrodm mrodm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, just a note about avoiding possible panics in some type assertions.

@xcrzx xcrzx force-pushed the security-rule-ids branch from 60354cb to 0c9b8f7 Compare January 17, 2023 17:31
@xcrzx xcrzx force-pushed the security-rule-ids branch from 0c9b8f7 to 886dc69 Compare January 17, 2023 17:38
@xcrzx xcrzx requested a review from mrodm January 17, 2023 17:39
mrodm
mrodm approved these changes Jan 17, 2023
View reviewed changes
Copy link
Copy Markdown
Contributor

@mrodm mrodm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

LGTM! 👍

spong
spong approved these changes Jan 18, 2023
View reviewed changes
Copy link
Copy Markdown
Member

@spong spong left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Thanks for adding in the .HasPrefix() check @xcrzx 🙂

@xcrzx
Copy link
Copy Markdown
Contributor Author

xcrzx commented Jan 18, 2023

@mrodm It seems like this PR has all the required approves. How could I merge it? The merge button is inactive, saying, You're not authorized to merge this pull request.

@mrodm
Copy link
Copy Markdown
Contributor

mrodm commented Jan 18, 2023

@mrodm It seems like this PR has all the required approves. How could I merge it? The merge button is inactive, saying, You're not authorized to merge this pull request.

@xcrzx As all the required approves are there, I'll merge it.

@mrodm mrodm merged commit 6056037 into elastic:main Jan 18, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@spong spong spong approved these changes

@mrodm mrodm mrodm approved these changes

@banderror banderror banderror left review comments

Assignees

@xcrzx xcrzx

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Change Proposal] Allow security_rule objects to have rule IDs different from the object IDs

5 participants

@xcrzx @elasticmachine @mrodm @spong @banderror