Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[SIEM][Detection Engine] Fixes TypeScript types and adds format to time range query #62714

Merged
merged 14 commits into from
Apr 8, 2020
Merged

[SIEM][Detection Engine] Fixes TypeScript types and adds format to time range query #62714

merged 14 commits into from
Apr 8, 2020

Conversation

FrankHassanabad
Copy link
Contributor

@FrankHassanabad FrankHassanabad commented Apr 6, 2020
edited
Loading

Summary

  • Fixes the Type Script types so we don't have to use non-null-assertions
  • Adds null checks where needed
  • Changes the time range query to have a format of epoch to avoid mapping issues

Checklist

@FrankHassanabad FrankHassanabad requested a review from a team as a code owner April 6, 2020 21:59
@FrankHassanabad FrankHassanabad self-assigned this Apr 6, 2020
@FrankHassanabad FrankHassanabad added v8.0.0 v7.8.0 v7.7.0 release_note:skip Skip the PR/issue when compiling release notes labels Apr 6, 2020
FrankHassanabad
FrankHassanabad commented Apr 6, 2020
View reviewed changes
x-pack/legacy/plugins/siem/server/lib/detection_engine/rule_actions/utils.ts
alertThrottle: string | null;
} => ({
ruleThrottle: throttle ?? 'no_actions',
alertThrottle: ['no_actions', 'rule'].includes(throttle ?? 'no_actions') ? null : throttle,
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@patrykkopycinski look here to make sure this is correct. After I made it so the tests were able to pass down null by changing the non-null type assertions it looked like everywhere the null could be sent down and I had to change all of these to accept null.

This made it to where I had to change this function slightly to work with both null and undefined

patrykkopycinski
patrykkopycinski approved these changes Apr 7, 2020
View reviewed changes
Copy link
Contributor

@patrykkopycinski patrykkopycinski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you @FrankHassanabad 💪

dhurley14
dhurley14 approved these changes Apr 7, 2020
View reviewed changes
Copy link
Contributor

@dhurley14 dhurley14 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the extra work on typings and the refactors. LGTM!

rylnd
rylnd reviewed Apr 7, 2020
View reviewed changes
Copy link
Contributor

@rylnd rylnd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One comment about snake case/camel case as I think we're inconsistent here. Not a blocker, but we should follow up after the next BC.

@FrankHassanabad
Copy link
Contributor Author

@elasticmachine merge upstream

rylnd
rylnd reviewed Apr 7, 2020
View reviewed changes
Copy link
Contributor

@rylnd rylnd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few more comments on variable casing. It's confusing!

...gacy/plugins/siem/server/lib/detection_engine/notifications/rules_notification_alert_type.ts
callCluster: services.callCluster,
});

const resultsLink = getNotificationResultsLink({
from: fromInMs,
to: toInMs,
id: ruleAlertSavedObject.id,
kibanaSiemAppUrl: ruleAlertParams.meta?.kibanaSiemAppUrl as string,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

RuleAlertParams were all camelcase, previously (falsePositives, maxSignals, etc.)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed, but meta is something coming from the ui and the backend doesn't have much of an opinion about it other than to try to keep it snake case.

I am fine for now keeping this one inconsistency but over REST having snake case consistency. The others are transformed to snake case at least exiting. It might make things easier to use more snake case in spots like alerting params?

@FrankHassanabad
Copy link
Contributor Author

@elasticmachine merge upstream

@kibanamachine
Copy link
Contributor

💚 Build Succeeded

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@FrankHassanabad FrankHassanabad merged commit 5218e30 into elastic:master Apr 8, 2020
@FrankHassanabad FrankHassanabad deleted the type-changes branch April 8, 2020 01:37
This was referenced Apr 8, 2020
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rylnd rylnd rylnd left review comments

@dhurley14 dhurley14 dhurley14 approved these changes

@patrykkopycinski patrykkopycinski patrykkopycinski approved these changes

Assignees

@FrankHassanabad FrankHassanabad

Labels
release_note:skip Skip the PR/issue when compiling release notes v7.7.0 v7.8.0 v8.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@FrankHassanabad @kibanamachine @rylnd @dhurley14 @patrykkopycinski @elasticmachine