-
Notifications
You must be signed in to change notification settings - Fork 8.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security Solution][Platform] - Add connectors to import/export API #148703
[Security Solution][Platform] - Add connectors to import/export API #148703
Conversation
Pinging @elastic/security-solution (Team: SecuritySolution) |
…import-export-connectors-with-rules
…github.com/WafaaNasr/kibana into 118774-import-export-connectors-with-rules
@elasticmachine merge upstream |
merge conflict between base and head |
const client = getClient({ includedHiddenTypes: ['action'] }); | ||
const actionsExporter = getExporter(client); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Generic question about this route -- should we deprecate it?
The only reference I'm finding is within the old exportRules()
action, and that only has references in tests. Since we've moved over to the bulk_action
API for all our client-side export actions, is there any need to keep this API other than for compatibility? There are slight differences in functionality as you can specify file_name
and exclude_export_details
query params, which the bulk action API doesn't currently support, but just curious here if we should mark as deprecated since there are no internal uses and it would give us the opportunity to drop support down the road if we want.
@@ -34,6 +34,8 @@ import { importRulesRoute } from './route'; | |||
|
|||
jest.mock('../../../../../machine_learning/authz'); | |||
|
|||
// TODO add tests for connectors |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are you planning to add them for this PR, or a follow up? 👍 if you'd like to follow-up with an additional test-coverage PR -- would be nice to add a few more FTR tests covering connectors as well.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I did already in this file x-pack/test/detection_engine_api_integration/security_and_spaces/group10/import_rules.ts
which I found exactly the same as this file x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/import_rules/route.test.ts
and the interesting thing is this file is not referenced at all, that's why I didn't add tests there and I wanted to ask if we need this file actually?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So this file contains the jest unit tests against the route, whereas .../detection_engine_api_integration/security_and_spaces/group10/import_rules.ts
are the FTR (functional test runner) API integration tests that actually stand up a kibana/es instance to test the import e2e.
This file would be good for testing the basic route inputs and such (or any other conditional logic specific to the route itself), but the latter is best for testing the complete flow from request to response, so good to have both. For these unit tests, the only connector specific test you might want to add is around the new overwrite_action_connectors
query param that was added to the importQuerySchema
, but as you mention, this could be covered by the FTR tests as well.
x-pack/test/detection_engine_api_integration/security_and_spaces/group10/perform_bulk_action.ts
Show resolved
Hide resolved
...on/server/lib/detection_engine/rule_management/logic/import/action_connectors/utils/index.ts
Show resolved
Hide resolved
..._engine/rule_management/logic/import/action_connectors/import_rule_action_connectors.test.ts
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Checked out, tested locally, and did a high-level code review and LGTM! 👍 🚀 🙂
- I did add a few comments/questions for some future cleanup and additional tests, but no changes required in this PR.
- As a note, I did find two tangential issues ([Security Solution] Rule import error toast is too large to view title when many errors happen on import #149994, [Security Solution] Unable to view multiple errors toasts when rule import fails #149995) in testing, but they were pre-existing.
- Also, as mentioned in an above comment, rule import is currently broken (as of [Security Solution] Write and read Rule Execution Logs from rule instead of saved object #147035) since we're exporting additional fields that break validation on import, so I went ahead and patched that locally by returning
execution_summary: undefined
over ininternalRuleToAPIResponse()
so I could perform full e2e testing. - I went ahead and added the
needs_docs
label as a reminder that we'll need to update our API docs with this change
Overall looks great @WafaaNasr -- thank you for all your efforts here and getting our users closer to a one-click backup/recover workflow! 🙌 🙂
Thank you so much @spong for your very thorough review!! really appreciated 🙏🏻😊 |
@ARWNightingale do you have any objections to changing the last part of this warning message from This change would align the message with the one that displays when users perform a similar act on the Saved Objects page, which is importing a connector that needs configuration details re-applied or fixed. I think the consistent messaging can encourage the same behavior (i.e., go to the Connectors page to fix your connectors) and create a seamless experience for users whether they're receiving the warning from the Import rules modal or the Saved Objects page. cc: @WafaaNasr |
1. Warning message
4. Error messages
@nastasha-solomon thanks for the comments, please find the updated state per each item :) |
@elasticmachine merge upstream |
@nastasha-solomon I confirmed with @ARWNightingale that we are going to implement the same UI as in the Saved Object page, I will add the |
@elasticmachine merge upstream |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Response Ops side looks good
💚 Build Succeeded
Metrics [docs]Module Count
Async chunks
History
To update your PR or re-run it, just comment with: cc @WafaaNasr |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tested locally, LGTM!
Great work!
@@ -589,6 +633,18 @@ export default ({ getService }: FtrProviderContext): void => { | |||
exceptions_errors: [], | |||
exceptions_success: true, | |||
exceptions_success_count: 0, | |||
action_connectors_success: true, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why do we have here action_connectors_success
but also action_connectors_errors
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's a good question, actually, this test is not needed as per this discussion initially I added the default values of the exported connectors, just to mimic the exported file if no actions' connectors were exported.
…lastic#148703) ## Summary - [x] Addresses elastic#118774 - [x] Enable Security Rule to be **imported** even if one of its connectors has a missing secret - [x] Shows **Warning Callout** in the Import Modal when missing secrets connector is imported. - [x] Added Link `connectors` to the connectors page in the same tab, so that the user can fix imported connectors. - [x] Added `Overwrite existing connectors with conflicting action "id"` option to the Import Modal ## Cases: > **Export:** > - Export Rule(s) with connectors through `Export All` or `Bulk Actions` > > **Import:** > - Import Rule with correct connectors data > - Import Rule with missing secrets' connectors by showing a warning callout > - Re-Import connectors even if they were stored when overwrite is true > > **Error:** > - Showing an error message when the user has a Read Actions permission and stops the importing => ` You may not have actions privileges required to import rules with actions ...` > - Showing an error message when the user has an old imported rule missing all the connectors data **OR** these connectors were not in the user's env => `X connector is missing. Connector id missing is: X` > - Showing an error if the new connectors defined in the exported file are not corresponding to the actions array under the rules param => `X connector is missing. Connector id missing is: X` > - **Showing a ` conflict` error in case of existing connectors and re-importing again with an `overwrite` false => this won't happen in case of implementing the `Skipping action-connectors importing if all connectors have been imported/created before`** > > **Skip importing:** > - Skipping action-connectors importing if the `actions` array is empty, even if the user has exported-connectors in the file > - Skipping action-connectors importing if all connectors have been imported/created before > ### Screenshots > > **1. Importing Connectors successfully** > <img width="1219" alt="image" src="https://user-images.githubusercontent.com/12671903/216049657-a313033b-e45e-4c99-b6ca-ed3070f15a97.png"> > > **2. Importing Connectors with warnings** <img width="1208" alt="image" src="https://user-images.githubusercontent.com/12671903/216980057-b5cdfe38-da1b-479b-8cfd-81f16037ff1d.png"> **3.Connector Page** <img width="1701" alt="image" src="https://user-images.githubusercontent.com/12671903/216049911-da29abc8-e20c-49d2-a507-ab382372b4f6.png"> ## New text: @nastasha-solomon **1. Warning message** title => could be ` 1 connector imported` or `x connectors imported` message => ` 1 connector has sensitive information that requires updates. review in connectors` or `x connectors have sensitive information that requires updates. review in connectors` <img width="588" alt="image" src="https://user-images.githubusercontent.com/12671903/216103805-9946b080-07d3-4e8b-93aa-b5e1dcaa415d.png"> **2. New `Overwrite` checkbox** <img width="431" alt="image" src="https://user-images.githubusercontent.com/12671903/216106354-3d435d64-0fa5-467b-90f1-effb2c0aef2a.png"> **3. Success Toast message** <img width="434" alt="image" src="https://user-images.githubusercontent.com/12671903/216104454-2d83744b-efbc-40c1-9e69-7e8b0670dd19.png"> **4. Error messages** a. Missing import action privileges <img width="438" alt="image" src="https://user-images.githubusercontent.com/12671903/216116350-f306d744-eef4-4064-b4f8-e794db4ad78e.png"> b. Missing connectors <img width="353" alt="image" src="https://user-images.githubusercontent.com/12671903/216104979-370f6826-8150-45d5-8724-6ca50f99ad71.png"> <img width="357" alt="image" src="https://user-images.githubusercontent.com/12671903/216106067-e6132a93-d36e-4bdf-b1bf-e6ddd1cf8a4e.png"> - [x] References: Use **getImporter** and **getExporter** from Saved Object [Connectors SO import/export implementation](elastic#98802) , [Kibana-Core confirmation](https://elastic.slack.com/archives/C5TQ33ND8/p1673275186013589 ) - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: kibanamachine <[email protected]>
…lastic#148703) ## Summary - [x] Addresses elastic#118774 - [x] Enable Security Rule to be **imported** even if one of its connectors has a missing secret - [x] Shows **Warning Callout** in the Import Modal when missing secrets connector is imported. - [x] Added Link `connectors` to the connectors page in the same tab, so that the user can fix imported connectors. - [x] Added `Overwrite existing connectors with conflicting action "id"` option to the Import Modal ## Cases: > **Export:** > - Export Rule(s) with connectors through `Export All` or `Bulk Actions` > > **Import:** > - Import Rule with correct connectors data > - Import Rule with missing secrets' connectors by showing a warning callout > - Re-Import connectors even if they were stored when overwrite is true > > **Error:** > - Showing an error message when the user has a Read Actions permission and stops the importing => ` You may not have actions privileges required to import rules with actions ...` > - Showing an error message when the user has an old imported rule missing all the connectors data **OR** these connectors were not in the user's env => `X connector is missing. Connector id missing is: X` > - Showing an error if the new connectors defined in the exported file are not corresponding to the actions array under the rules param => `X connector is missing. Connector id missing is: X` > - **Showing a ` conflict` error in case of existing connectors and re-importing again with an `overwrite` false => this won't happen in case of implementing the `Skipping action-connectors importing if all connectors have been imported/created before`** > > **Skip importing:** > - Skipping action-connectors importing if the `actions` array is empty, even if the user has exported-connectors in the file > - Skipping action-connectors importing if all connectors have been imported/created before > ### Screenshots > > **1. Importing Connectors successfully** > <img width="1219" alt="image" src="https://user-images.githubusercontent.com/12671903/216049657-a313033b-e45e-4c99-b6ca-ed3070f15a97.png"> > > **2. Importing Connectors with warnings** <img width="1208" alt="image" src="https://user-images.githubusercontent.com/12671903/216980057-b5cdfe38-da1b-479b-8cfd-81f16037ff1d.png"> **3.Connector Page** <img width="1701" alt="image" src="https://user-images.githubusercontent.com/12671903/216049911-da29abc8-e20c-49d2-a507-ab382372b4f6.png"> ## New text: @nastasha-solomon **1. Warning message** title => could be ` 1 connector imported` or `x connectors imported` message => ` 1 connector has sensitive information that requires updates. review in connectors` or `x connectors have sensitive information that requires updates. review in connectors` <img width="588" alt="image" src="https://user-images.githubusercontent.com/12671903/216103805-9946b080-07d3-4e8b-93aa-b5e1dcaa415d.png"> **2. New `Overwrite` checkbox** <img width="431" alt="image" src="https://user-images.githubusercontent.com/12671903/216106354-3d435d64-0fa5-467b-90f1-effb2c0aef2a.png"> **3. Success Toast message** <img width="434" alt="image" src="https://user-images.githubusercontent.com/12671903/216104454-2d83744b-efbc-40c1-9e69-7e8b0670dd19.png"> **4. Error messages** a. Missing import action privileges <img width="438" alt="image" src="https://user-images.githubusercontent.com/12671903/216116350-f306d744-eef4-4064-b4f8-e794db4ad78e.png"> b. Missing connectors <img width="353" alt="image" src="https://user-images.githubusercontent.com/12671903/216104979-370f6826-8150-45d5-8724-6ca50f99ad71.png"> <img width="357" alt="image" src="https://user-images.githubusercontent.com/12671903/216106067-e6132a93-d36e-4bdf-b1bf-e6ddd1cf8a4e.png"> - [x] References: Use **getImporter** and **getExporter** from Saved Object [Connectors SO import/export implementation](elastic#98802) , [Kibana-Core confirmation](https://elastic.slack.com/archives/C5TQ33ND8/p1673275186013589 ) - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: kibanamachine <[email protected]>
Summary
connectors
to the connectors page in the same tab, so that the user can fix imported connectors.Overwrite existing connectors with conflicting action "id"
option to the Import ModalCases:
Screenshots
3.Connector Page
New text: @nastasha-solomon
1. Warning message
title => could be
1 connector imported
orx connectors imported
message =>
1 connector has sensitive information that requires updates. review in connectors
orx connectors have sensitive information that requires updates. review in connectors
2. New
Overwrite
checkbox3. Success Toast message
4. Error messages
a. Missing import action privileges
b. Missing connectors