* Adding tests for dns pipeline in the endpoint package
* Adding test to make sure non dns events are ingested correctly
* Bring the docker container with the new endpoint package
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Added ui for alert failures banner
* Added UI for alerts statuses
* Adjusted form
* Added banner on the details page
* Fixed failing intern. check and type checks
* Added unit test for displaying alert error banner
* Fixed type check
* Fixed due to comments
* Changes due to comments
* Fixed due to comments
* Fixed text on banners
* Added i18n translations
* init tests
* Untitled Timeline created
* remove console
* fix from server side
* set timeline status to draft if created by saving notes
* add unit test
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
* adds new 'can_read_actions' property to privileges api
* only display rule actions piece if user has 'read' privileges for actions
* display dropdown with custom text telling user they do not have read privileges for actions
* fixes type error
* update tests
* utilize application capabilities instead of making a server request
* remove changes to route tests
* don't show form unless user has read permissions for actions, display text saying user is missing required privileges
* pr feedback: refactor logic for rendering form fields
* Finish adding .lower to exceptionable fields
* Add back migrations
* .lower -> .caseless
* Add separate field for os type
* updates
* Type updates
* Switch over to osTypes
* get rid of _tags
* Add tests for schema validation
* Remove remaining references to _tags
* Another round of test fixes
* DefaultArray tests
* More test fixes
* Fix remaining test failures
* types / tests
* more test updates
* lowercase os values
* Address feedback + fix test failure
* tests
* Fix integration test
* process.executable.path -> process.executable.caseless
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
* Make flyout size `m` + condition entry value should be 100% wide
* Condition entry and group components support for small screens
* Adjust spacing below each entry in the condition group
* Move `AND` button to the condition group + style it to design mock
* Refactored store code to group properties related to location so that it would be easy to introduce a new view type parameter.
* Added view type to the location and routing.
* Fixed type errors.
* Fixed and completed tests.
* WIP: Adding new route for EQL Validation
This is mostly boilerplate with some rough parameter definitions; the
actual implementation of the validation is going to live in our
validateEql function.
A few tests are failing as the mocks haven't yet been implemented; I
need to see the shape of the responses first.
* Cherry-pick Marshall's EQL types
* Implements actual EQL validation
* Performs an EQL search
* filters out non-parsing errors, and returns what remains in the
response
* Adds mocks for empty EQL responses (we don't yet have a need for
mocked data, but we will when we unit-test validateEql)
* Adds validation calls to the EQL form input
* Adds EQL Validation response schema, mocks, tests
* Adds frontend function to call our validation endpoint
* Adds hook, useEqlValidation, to call the above function and return
state
* Adds labels/help text for EQL Query bar
* EqlQueryBar consumes useEqlValidation and marks the field as invalid,
but does not yet report errors.
* Do not call the validation API if query is not present
This causes a broader error that results in a 400 response; we can (and
do) handle the case of a blank query in the form itself.
* Remove EQL Help Text
It doesn't add any information for the user, and it currently looks bad
when combined with validation errors.
* Flesh out and use our popover for displaying validation errors
* Fixes issue where old errors were persisted after the user had made
modifications
* Include verification_exception errors as validation errors
These include errors related to index fields and mappings.
* Generalize our validation helpers
We're concerned with validation errors; the source of those errors is an
implementation detail of these functions.
* Move error popover and EQL reference link to footer
This more closely resembles the new Eui Markdown editor, which places
errors and doc links in a footer.
* Fix jest tests following additional prop
* Add icon for EQL Rule card
* Fixes existing EqlQueryBar tests
These were broken by our use of useAppToasts and the EUI theme.
* Add unit tests around error rendering on EQL Query Bar
* Add tests for ErrorPopover
* Remove unused schema type
Decode doesn't do any additional processing, so we can use t.TypeOf here
(the default for buildRouteValidation).
* Remove duplicated header
* Use ignore parameter to prevent EQL validations from logging errors
Without `ignore: [400]` the ES client will log errors and then throw
them. We can catch the error, but the log is undesirable.
This updates the query to use the ignore parameter, along with updating
the validation logic to work with the updated response.
Adds some mocks and tests around these responses and helpers, since
these will exist independent of the validation implementation.
* Include mapping_exceptions during EQL query validation
These include errors for inaccessible indexes, which should be useful to
the rule writer in writing their EQL query.
* Display toast messages for non-validation messages
* fix type errors
This type was renamed.
* Do not request data in our validation request
By not having the cluster retrieve/send any data, this should save us
a few CPU cycles.
* Move EQL validation to an async form validator
Rather than invoking a custom validation hook (useEqlValidation) at custom times (onBlur) in our EqlQueryBar
component, we can instead move this functionality to a form validation
function and have it be invoked automatically by our form when values
change. However, because we still need to handle the validation messages
slightly differently (place them in a popover as opposed to an
EuiFormRow), we also need custom error retrieval in the form of
getValidationResults.
After much pain, it was determined that the default behavior of
_.debounce does not work with async validator functions, as a debounced
call will not "wait" for the eventual invocation but will instead return
the most recently resolved value. This leads to stale validation
results and terrible UX, so I wrote a custom function (debounceAsync)
that behaves like we want/need; see tests for details.
* Invalidate our query field when index patterns change
Since EQL rules actually validate against the relevant indexes, changing
said indexes should invalidate/revalidate the query.
With the form lib, this is beautifully simple :)
* Set a min-height on our EQL textarea
* Remove unused prop from EqlQueryBar
Index corresponds to the value from the index field; now that our EQL
validation is performed by the form we have no need for it here.
* Update EQL overview link to point to elasticsearch docs
Adds an entry in our doclinks service, and uses that.
* Remove unused prop from stale tests
* Update docLinks documentation with new EQL link
* Fix bug where saved query rules had no type selected on Edit
* Wait for kibana requests to complete before moving between rule tabs
With our new async validation, a user can quickly navigate away from the
Definition tab before the validation has completed, resulting in the
form being invalidated. Any subsequent user actions cause the form to
correct itself, but until I can find a better solution here this really
just gives the validation time to complete and sidesteps the issue.
Removes the `npStart` legacy singleton used during the migration to the new platform. The singleton was used in API calls to access the `http.fetch` service. To remove the singleton we have injected `fetch` as a dependency in all functions.