* Move common ML types and functions into siem/common
These revolve around capabilities/permissions checks which were
previously only used on the client. Now that we have need to make
similar checks on the server, we can/should move these up to be shared.
* Use ML's Capabilities type in lieu of our own
There was already some drift between these types preventing our
helpers from being used with the ML services; this will prevent further
drift.
* Add authorization helpers for ML
Some of this responsibility will move to ML services in the near future,
but for now we still need to restrict SIEM users from performing certain
actions.
* Use mlAuthz on our import rule route
The tests were a little tricky because the use of spyOn/clear was
preventing (rather, clearing the mocks from) the use of jest.mock().
I found a workaround with mockRestore(), which was easy to verify
because the mock would throw an error if it wasn't removed, and we'd
import multiple rules if a default mock was used.
The threading through of ML can go away if/when ML adds their services
to the request handler context.
* Add mlAuthz checks to remaining rule routes
* Remove validateLicenseForRuleType
This is now unused and redundant with the mlAuthz module.
* Fix failing tests
These were missed when the helpers were moved to common/, but are also
unneeded.
* Cleanup: fixing type errors
* Clean up some types from ML
A recent upstream refactor in ML added top-level exports; this uses them
where possible.
* Refactor mlAuthz to defer authz validation until validator is called
This prevents us from unnecessarily calling ml services if e.g. we're
not dealing with an ML rule.
This also adds a failing test for the next-to-be-implemented feature:
cashing the async validation for subsequent validator calls.
* Cache validation promise
The purpose of the `buildMlAuthz` function is to store state (request,
license, ml). Since `validateMlAuthz` should be idempotent for the
duration of this object's lifecycle, we should cache the result the
first time we call it; this is effectively memoization since the
arguments do not change.
* Make our result caching more explicit
Extracts a caching helper function.
* Add additional unit tests around some edge cases
This is the best form of documentation, thanks Frank!
* Remove redundant test setup
* Empty messages are invalid
If we somehow generate an empty message string, the validation should
fail as we were attempting to assign _something_ as a failure message.
* Fix validity logic
valid: message !== null was the opposite of what I wanted; a validation
is valid if it has no message (i.e. it's undefined).
* Prevent patching of ML rules by non-ML admins
This required refactoring patchRules to accept the rule to be patched,
so that we can check its attributes before performing the update.
* Fix our update_prepackaged_rules route
patchRules no longer does the fetch; we need to perform this ourselves.
* Fix update_prepackaged_rules tests
This notably synchronizes the entirety of the updates, as our tests were
failing due to the asynchronous nature of the updates.
* Remove id and ruleId from patchRules parameters
Instead of fetching the rule within patchRules, we now pass it in.
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
* [Reporting/Test] Add Functional test for download CSV
* add todo
* add fs.existsSync check to find download
* debug
* handle timeout
* validate toast
* different way of getting repo_root
* don't register any features in LP. breaks features value reading in KP
* move test plugin to NP
* fix mappings
* update docs
* migrate another test
* use contstants file for BWC with original code
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
* remove dateline check for geo_shape queries
* fix jest test
* split bounding box
* replace convertMapExtentToPolygon with formatEnvelopeAsPolygon
* clamp latitudes
* use clampToLatBounds
* use single box where left lon is greater then right lon when crossing 180 meridian
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
The map anomlies rings display was working on the global map and on the focused service of a focused map, but not on the other services on a focused map.
This is because we were adding the anomlies to the list of services from the initial query, but not to the list of services derived from the connections data.
Make the transformation that add anomalies happen after the derived services nodes are added.
This is done in the function that was called `dedupeConnections`, but since it does much more than dedupe connections has been renamed to `transformServiceMapResponses`.
Also make the node types extend `cytoscape.NodeDataDefinition` in order to simplify the types in the transformation (we were adding `& { id: string }` in some places which this replaces.)
Fixes#65403.
* [Metrics UI] Fix p95/p99 charts and alerting error
- Fixes#65561
* Fixing open in visualize for percentiles
* Adding test for P95; refactoring to use first consitently
* [ML] Add anomaly job timing stats to Counts & JSON
* [ML] Remove roundTo3DecimalPlace and clean up
* [ML] Fix format_values to round decimals for time values
* [ML] Remove timing_stats and forecast_stats from cloneJob
* [ML] Remove timing_stats & forecasts in job_service instead of utils
## Summary
Fixes [a CSS issue where Timeline field truncation](https://github.com/elastic/kibana/issues/65170) wasn't working, per the following screenshots:
### Before
<img width="1083" alt="before" src="https://user-images.githubusercontent.com/4459398/81349357-16706d80-907d-11ea-8051-7f2db803d701.png">
### After
<img width="1078" alt="after" src="https://user-images.githubusercontent.com/4459398/81349372-1b352180-907d-11ea-8ac7-8bde3f10394f.png">
## Desk testing
* The timeline in the _Before_ and _After_ screenshots above includes columns that typically contain large values (e.g. `process.hash.sha256`). It also contains the `event.module` column, which has special formatting, as detailed below.
* You may re-create the timeline shown in the _Before_ and _After_ screenshots, or download the exported timeline from the following link [truncation.ndjson.txt](https://github.com/elastic/kibana/files/4596036/truncation.ndjson.txt) and import it. (Remove the `.txt` extension after downloading it.)
* The `event.module` field has special formatting that displays an icon link to the endpoint if it's been configured. To desk test this without configuring an endpoint, edit `x-pack/plugins/siem/public/components/timeline/body/renderers/formatted_field_helpers.tsx`, and change the following line:
```
{endpointRefUrl != null && canYouAddEndpointLogo(moduleName, endpointRefUrl) && (
```
to
```
{true && (
```
The above change forces the icon to always appear, even if you don't have an endpoint configured.
### Desk tested in:
- Chrome `81.0.4044.138`
- Firefox `76.0`
- Safari `13.1`
* Deangularize the hits counter and create a react component
* Add aria-label to button for accessibility
* Add icon to the link button and use EuiText
* Remove snapshots and test with findTestSubject
* Change toString with String()
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
* Add test attributes and missing aria labels to uptime UI code.
* Add uptime a11y tests and associated helper functions.
* Append a11y test instructions to uptime README.
* Update some copy on README page.
Refresh outdated snapshot.
* Add test for alert popover on overview page.
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
