In addition to a route for listing Credentials, this also adds a
utility function which helps create API routes which simply proxy
the App Search API.
The reasoning for this is as follows:
1. Creating new routes takes less effort and cognitive load if we
can simply just create proxy routes that use the APIs as is.
2. It keeps the App Search API as the source of truth. All logic is
implemented in the underlying API.
3. It makes unit testing routes much simpler. We do not need to verify
any connectivity to the underlying App Search API, because that is
already tested as part of the utility.
* KQL support in filter ratio in TSVB
Closes #67503
* Fix filter_ratio and filter_ratios tests
* fix JEST
* Refactor some code in filter_ratio, filter_ratios, filter_ratios.test
* Edit query value in filter_ratio and filter_ratios.test
* Refactor some code in filter_ratio.js and visualization_migrations.ts
* Remove duplications in vis_schema and refactor filter_ratio
* Refactor filter_ratio.js
* Update default query with getDefaultQuery()
* Fix filter_ratio and histogram_support tests
Co-authored-by: Alexey Antonov <alexwizp@gmail.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
* bump ts to v4
* MOAR RAM
* fix type errors for OSS
* first pass on x-pack errors
* second pass on x-pack type errors
* 3rd pass on x-pack type-errors
* mute errors if complex cases
* don't delete if spread suffices
* mute other complex cases
* make User fields optional
* fix optional types
* fix tests
* fix typings for time_range
* fix type errors in x-pack/tests
* rebuild kbn-pm
* remove leftovers from master update
* fix alert tests
* [Telemetry Checker] TS4 Fixes
* bump to 4.0.1-rc
* fix new errors in master
* bump typescript-eslint to version supporting TS v4 syntax
* fix merge commit errors
* update to the stable TS version 4.0.2
* bump ts-eslint to version supporting ts v4
* fix typo
* fix type errors after merge
* update ts in another new package.json
* TEMP: remove me
* Revert "TEMP: remove me"
This reverts commit dc0fc3bae6.
* [Telemetry] Update snapshot for new TS4 SyntaxKind
* bump prettier to support TS v4 syntax
* fix prettier rules
* last style change
* fix new type errors
Co-authored-by: Alejandro Fernández Haro <alejandro.haro@elastic.co>
* [Security Solution][Resolver] Word-break long titles in related event description lists
* word-break long titles at non-word boundaries
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
## Summary
**Current behavior:**
- **Scenario 1:** User is in the exceptions viewer flow, they select to edit an exception item, but the list the item is associated with has since been deleted (let's say by another user) - a user is able to open modal to edit exception item and on save, an error toaster shows but no information is given to the user to indicate the issue.
- **Scenario 2:** User exports rules from space 'X' and imports into space 'Y'. The exception lists associated with their newly imported rules do not exist in space 'Y' - a user goes to add an exception item and gets a modal with an error, unable to add any exceptions.
- **Workaround:** current workaround exists only via API - user would need to remove the exception list from their rule via API
**New behavior:**
- **Scenario 1:** User is still able to open edit modal, but on save they see an error explaining that the associated exception list does not exist and prompts them to remove the exception list --> now they're able to add exceptions to their rule
- **Scenario 2:** User navigates to exceptions after importing their rule, tries to add exception, modal pops up with error informing them that they need to remove association to missing exception list, button prompts them to do so --> now can continue adding exceptions to rule
* updates validation on 'from' param to prevent malformed datemath strings from being accepted
* fix imports
* copy paste is not my friend
* missed type check somehow
* forgot to mock common utils
* updates bodies for request validation tests
* Add new Workplace Search initial data properties
* Add app logic
* Refactor index to match App Search
Adds the easier-to-read ComponentConfigured and ComponentUnconfigured FCs with a ternary in the root component
* Remove ‘Logic’ from interface names
* Extract initial data from WS into interface
This allows for breaking apart the app-specific data and also having an interface to extend in the app_logic file
* Destructuring FTW
* Trusted Apps initial setup for route registration
* Added types for TrustedApp entries
* trusted apps list API returns results
* use methods and const from latest PR merge to lists
* a quick generator for trusted apps entries
* support cli options for trusted app data loader
* Add mocked `createTrustedAppsList()` method to `ExceptionListClientMock`
* tests for trusted apps route handlers
* tests for trusted apps schema
* Correct name of mock method
* Fix service to ensure return value of `getExceptionList` service throws if service not available
* Fix types
* Refactor TrustedApp type + code review feedback
Co-authored-by: Catherine Liu <catherine.liu@elastic.co>
Co-authored-by: Ryan Keairns <contactryank@gmail.com>
Co-authored-by: Catherine Liu <catherineqliu@outlook.com>
Co-authored-by: Michael Marcialis <michael.marcialis@elastic.co>
* rename uuid service to environment service
* adapt resolve_uuid to directly use the configurations
* move data folder creation to core
* update generated doc
* fix types
* fix monitoring tests
* move instanceUuid to plugin initializer context
* update generated doc
## Summary
Found in 7.9.0, if you post a rule with an action that has a missing "meta" then you are going to get errors in your UI that look something like:
```
An error occurred during rule execution: message: "Cannot read property 'kibana_siem_app_url' of null"
name: "Unusual Windows Remote User" id: "1cc27e7e-d7c7-4f6a-b918-8c272fc6b1a3"
rule id: "1781d055-5c66-4adf-9e93-fc0fa69550c9" signals index: ".siem-signals-default"
```
This fixes the accidental referencing of the null/undefined property and adds both integration and unit tests in that area of code.
If you have an action id handy you can manually test this by editing the json file of:
```
test_cases/queries/action_without_meta.json
```
to have your action id and then posting it like so:
```sh
./post_rule.sh ./rules/test_cases/queries/action_without_meta.json
```
### Checklist
Delete any items that are not applicable to this PR.
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
* Adding kql filter
* Adding filter support for the backend and tests
* Moving the filter to the body
* switching events and alerts api to post
* Removing unused import
* Adding tests for events api results being in descending order
* Switching frontend to use post for related events
* Reset chrome help extension while switching an app
* Reset other chrome fields
* Set docTitle in saved objects app
* Add unit tests
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
## Summary
Before this PR you can see event loop block times of:
```
formatIndexFields: 7986.884ms
```
After this PR you will see event loop block times of:
```
formatIndexFields: 85.012ms
```
within the file:
```
x-pack/plugins/security_solution/server/lib/index_fields/elasticsearch_adapter.ts
```
For the GraphQL query of `SourceQuery`/`IndexFields`
This also fixes the issue of `unknown` being returned to the front end by removing code that is no longer functioning as it was intended. Ensure during testing of this PR that blank/default and non-existent indexes within `securitySolution:defaultIndex` still work as expected.
Before, notice the `unknown` instead of the `filebeat-*`:
<img width="733" alt="Screen Shot 2020-08-20 at 4 55 52 PM" src="https://user-images.githubusercontent.com/1151048/90949129-f5047900-e402-11ea-9278-b4c7bf5cd16d.png">
After:
<img width="830" alt="Screen Shot 2020-08-20 at 4 56 03 PM" src="https://user-images.githubusercontent.com/1151048/90949133-02b9fe80-e403-11ea-8504-f5bbe043048a.png">
An explanation of how to see the block times for before and after
---
For perf testing you first add timed testing to the file:
```
x-pack/plugins/security_solution/server/lib/index_fields/elasticsearch_adapter.ts
```
Before this PR, around line 42:
```ts
console.time('formatIndexFields'); // <--- start timer
const fields = formatIndexFields(
  responsesIndexFields,
  Object.keys(indexesAliasIndices) as IndexAlias[]
);
console.timeEnd('formatIndexFields'); // <--- outputs the end timer
return fields;
```
After this PR, around line 42:
```ts
console.time('formatIndexFields'); // <--- start timer
const fields = await formatIndexFields(responsesIndexFields, indices);
console.timeEnd('formatIndexFields'); // <--- outputs the end timer
return fields;
```
And then reload the security solutions application web page here:
```
http://localhost:5601/app/security/timelines/default
```
Be sure to load it _twice_ for testing as NodeJS will sometimes report better numbers the second time as it does optimizations after the first time it encounters some code paths.
You will begin to see numbers similar to this before this PR:
```
formatIndexFields: 2553.279ms
```
This indicates that it is blocking the event loop for ~2.5 seconds before this fix. If you add additional indexes to your `securitySolution:defaultIndex` indexes that have additional fields then this amount will increase exponentially. For developers using our test servers I created two other indexes called delme-1 and delme-2 with additional mappings you can add like below
```
apm-*-transaction*, auditbeat-*, endgame-*, filebeat-*, logs-*, packetbeat-*, winlogbeat-*, delme-1, delme-2
```
<img width="980" alt="Screen Shot 2020-08-21 at 8 21 50 PM" src="https://user-images.githubusercontent.com/1151048/90949142-211ffa00-e403-11ea-8ab2-f66de977dce3.png">
Then you are going to see times approaching 8 seconds of blocking the event loop like so:
```
formatIndexFields: 7986.884ms
```
After this fix on the first pass unoptimized it will report
```
formatIndexFields: 373.082ms
```
Then after it optimizes the code paths on a second page load it will report
```
formatIndexFields: 84.304ms
```
### Checklist
Delete any items that are not applicable to this PR.
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
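
The event loop blocking measured in the commit message above can be reproduced in isolation. The following is an added example, not code from the Kibana commit: the commit message does not say how `formatIndexFields` was changed, so yielding with `setImmediate` every N items is an assumption used here for illustration, and `makeFields`, `mergeField`, `formatSync`, `formatChunked` and `measureStall` are hypothetical names operating on constructed data.

```javascript
// Constructed sample: fake index-field descriptors, not Kibana's real field data.
function makeFields(n) {
  return Array.from({ length: n }, (_, i) => ({ name: `field.${i % 500}`, index: `idx-${i % 7}` }));
}

// Merge one descriptor into the per-name accumulator.
function mergeField(byName, f) {
  const entry = byName.get(f.name) ?? { name: f.name, indexes: new Set() };
  entry.indexes.add(f.index);
  byName.set(f.name, entry);
}

// Convert the accumulator into a plain, deterministic result.
function finish(byName) {
  return [...byName.values()].map((e) => ({ name: e.name, indexes: [...e.indexes].sort() }));
}

// Fully synchronous: the whole merge is one uninterrupted task on the event loop,
// so no other request handler, timer or health check runs until it returns.
function formatSync(fields) {
  const byName = new Map();
  for (const f of fields) mergeField(byName, f);
  return finish(byName);
}

// Same result, but hands control back to the event loop every `chunk` items
// (assumed technique; the commit's actual approach is not shown on the page).
async function formatChunked(fields, chunk = 1000) {
  const byName = new Map();
  for (let i = 0; i < fields.length; i++) {
    mergeField(byName, fields[i]);
    if ((i + 1) % chunk === 0) await new Promise((resolve) => setImmediate(resolve));
  }
  return finish(byName);
}

// Runs `work` while a setImmediate heartbeat counts how often other callbacks
// got a turn. ticks === 0 means the loop was blocked for the whole of elapsedMs.
async function measureStall(work) {
  let ticks = 0;
  let handle = setImmediate(function beat() {
    ticks++;
    handle = setImmediate(beat);
  });
  const start = performance.now();
  const result = await work();
  clearImmediate(handle);
  return { result, ticks, elapsedMs: performance.now() - start };
}
```

Calling `measureStall(() => formatSync(makeFields(200000)))` reports zero heartbeat ticks for the whole elapsed time, while the same call with `formatChunked` reports ticks throughout, which is the difference a server under load experiences as responsiveness to other requests.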