[security solution] only import beat_schema when needed (#78708)

Co-authored-by: spalger <spalger@users.noreply.github.com> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-09-30 12:15:14 -07:00 · 2020-09-30 12:15:14 -07:00 · c9c30b0cb1
parent 82cad2cb90
commit c9c30b0cb1
2 changed files with 18 additions and 6 deletions
--- a/x-pack/plugins/security_solution/server/search_strategy/index_fields/index.test.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/index_fields/index.test.ts
@ -8,6 +8,7 @@ import { sortBy } from 'lodash/fp';

 import { formatIndexFields, formatFirstFields, formatSecondFields, createFieldItem } from './index';
 import { mockAuditbeatIndexField, mockFilebeatIndexField, mockPacketbeatIndexField } from './mock';
+import { fieldsBeat as beatFields } from '../../utils/beat_schema/fields';

 describe('Index Fields', () => {
  describe('formatIndexFields', () => {
@ -16,6 +17,7 @@ describe('Index Fields', () => {
        sortBy(
          'name',
          await formatIndexFields(
+            beatFields,
            [mockAuditbeatIndexField, mockFilebeatIndexField, mockPacketbeatIndexField],
            ['auditbeat', 'filebeat', 'packetbeat']
          )
@ -167,6 +169,7 @@ describe('Index Fields', () => {
  describe('formatFirstFields', () => {
    test('Basic functionality', async () => {
      const fields = await formatFirstFields(
+        beatFields,
        [mockAuditbeatIndexField, mockFilebeatIndexField, mockPacketbeatIndexField],
        ['auditbeat', 'filebeat', 'packetbeat']
      );
@ -749,6 +752,7 @@ describe('Index Fields', () => {
  describe('createFieldItem', () => {
    test('Basic functionality', () => {
      const item = createFieldItem(
+        beatFields,
        ['auditbeat'],
        {
          name: '_id',
--- a/x-pack/plugins/security_solution/server/search_strategy/index_fields/index.ts
+++ b/x-pack/plugins/security_solution/server/search_strategy/index_fields/index.ts
@ -12,14 +12,18 @@ import {
  IndexFieldsStrategyResponse,
  IndexField,
  IndexFieldsStrategyRequest,
+  BeatFields,
 } from '../../../common/search_strategy/index_fields';

-import { fieldsBeat } from '../../utils/beat_schema/fields';
-
 export const securitySolutionIndexFieldsProvider = (): ISearchStrategy<
  IndexFieldsStrategyRequest,
  IndexFieldsStrategyResponse
 > => {
+  // require the fields once we actually need them, rather than ahead of time, and pass
+  // them to createFieldItem to reduce the amount of work done as much as possible
+  // eslint-disable-next-line @typescript-eslint/no-var-requires
+  const beatFields: BeatFields = require('../../utils/beat_schema/fields').fieldsBeat;
+
  return {
    search: async (context, request) => {
      const { elasticsearch } = context.core;
@ -41,6 +45,7 @@ export const securitySolutionIndexFieldsProvider = (): ISearchStrategy<

      if (!request.onlyCheckIfIndicesExist) {
        indexFields = await formatIndexFields(
+          beatFields,
          responsesIndexFields.filter((rif) => rif !== false) as FieldDescriptor[][],
          dedupeIndices
        );
@ -116,6 +121,7 @@ const missingFields: FieldDescriptor[] = [
 * @param indexesAliasIdx The index within the alias
 */
 export const createFieldItem = (
+  beatFields: BeatFields,
  indexesAlias: string[],
  index: FieldDescriptor,
  indexesAliasIdx: number
@ -126,7 +132,7 @@ export const createFieldItem = (
    splitIndexName[splitIndexName.length - 1] === 'text'
      ? splitIndexName.slice(0, splitIndexName.length - 1).join('.')
      : index.name;
-  const beatIndex = fieldsBeat[indexName] ?? {};
+  const beatIndex = beatFields[indexName] ?? {};
  if (isEmpty(beatIndex.category)) {
    beatIndex.category = splitIndexName[0];
  }
@ -151,6 +157,7 @@ export const createFieldItem = (
 * @param indexesAlias The index aliases such as filebeat-*
 */
 export const formatFirstFields = async (
+  beatFields: BeatFields,
  responsesIndexFields: FieldDescriptor[][],
  indexesAlias: string[]
 ): Promise<IndexField[]> => {
@ -160,11 +167,11 @@ export const formatFirstFields = async (
        responsesIndexFields.reduce(
          (accumulator: IndexField[], indexFields: FieldDescriptor[], indexesAliasIdx: number) => {
            missingFields.forEach((index) => {
-              const item = createFieldItem(indexesAlias, index, indexesAliasIdx);
+              const item = createFieldItem(beatFields, indexesAlias, index, indexesAliasIdx);
              accumulator.push(item);
            });
            indexFields.forEach((index) => {
-              const item = createFieldItem(indexesAlias, index, indexesAliasIdx);
+              const item = createFieldItem(beatFields, indexesAlias, index, indexesAliasIdx);
              accumulator.push(item);
            });
            return accumulator;
@ -224,10 +231,11 @@ export const formatSecondFields = async (fields: IndexField[]): Promise<IndexFie
 * @param indexesAlias The index alias
 */
 export const formatIndexFields = async (
+  beatFields: BeatFields,
  responsesIndexFields: FieldDescriptor[][],
  indexesAlias: string[]
 ): Promise<IndexField[]> => {
-  const fields = await formatFirstFields(responsesIndexFields, indexesAlias);
+  const fields = await formatFirstFields(beatFields, responsesIndexFields, indexesAlias);
  const secondFields = await formatSecondFields(fields);
  return secondFields;
 };