example 2 - rule packaging assets include metadata only

elastic · Jan 8, 2024 · 0402dc2 · 0402dc2
1 parent 3bc8df6
commit 0402dc2
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 27 deletions.
diff --git a/detection_rules/packaging.py b/detection_rules/packaging.py
@@ -169,7 +169,8 @@ def get_consolidated(self, as_api=True):
         """Get a consolidated package of the rules in a single file."""
         full_package = []
         for rule in self.rules:
-            full_package.append(rule.contents.to_api_format() if as_api else rule.contents.to_dict())
+            full_package.append(rule.contents.to_api_format(include_metadata=True)
+                                if as_api else rule.contents.to_dict())
 
         return json.dumps(full_package, sort_keys=True)
 

diff --git a/detection_rules/rule.py b/detection_rules/rule.py
@@ -74,22 +74,6 @@ def get_validation_stack_versions(self) -> Dict[str, dict]:
         stack_versions = get_stack_schemas(self.min_stack_version)
         return stack_versions
 
-    @validates_schema
-    def validate_date_format(self, data, **kwargs):
-        """Validate that the date fields are in the correct ISO 8601 format."""
-        invalid_fields = []
-
-        for field, value in data.items():
-            if field.endswith('_date') and value:
-                try:
-                    datetime.strptime(value, '%Y-%m-%d')
-                except ValueError:
-                    invalid_fields.append(field)
-
-        if invalid_fields:
-            raise ValidationError(
-                f"Invalid date format for {', '.join(invalid_fields)}. Please use ISO 8601 format."
-            )
 
 @dataclass(frozen=True)
 class RuleTransform(MarshmallowDataclassMixin):
@@ -1002,9 +986,6 @@ def _post_dict_conversion(self, obj: dict) -> dict:
         # rule type transforms
         self.data.transform(obj) if hasattr(self.data, 'transform') else False
 
-        # rule dates
-        self._convert_add_date_fields(obj, self.metadata.to_dict())
-
         return obj
 
     def _convert_add_related_integrations(self, obj: dict) -> None:
@@ -1109,12 +1090,6 @@ def _convert_get_setup_content(self, note_tree: list) -> str:
 
         return "".join(setup).strip()
 
-    def _convert_add_date_fields(self, obj: dict, metadata: dict) -> None:
-        """Add metadata date fields to the obj."""
-        for field_name in ["creation_date", "updated_date"]:
-            if field_name not in obj:
-                obj.setdefault(field_name, metadata[field_name])
-
     def check_explicit_restricted_field_version(self, field_name: str) -> bool:
         """Explicitly check restricted fields against global min and max versions."""
         min_stack, max_stack = BUILD_FIELD_VERSIONS[field_name]
@@ -1234,7 +1209,8 @@ def name(self):
 
     def get_asset(self) -> dict:
         """Generate the relevant fleet compatible asset."""
-        return {"id": self.id, "attributes": self.contents.to_api_format(), "type": definitions.SAVED_OBJECT_TYPE}
+        return {"id": self.id, "attributes": self.contents.to_api_format(include_metadata=True),
+                "type": definitions.SAVED_OBJECT_TYPE}
 
     def save_toml(self):
         assert self.path is not None, f"Can't save rule {self.name} (self.id) without a path"