[Security Solution][Detection Engine] removes feature flag for custom…

… highlighted fields edit in 8.16 (#188628) ## Summary Removes feature flag `bulkCustomHighlightedFieldsEnabled` for 8.16 --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
elastic · Jul 19, 2024 · 39a5515 · 39a5515
1 parent 6aaccd6
commit 39a5515
Show file tree

Hide file tree

Showing 16 changed files with 10 additions and 141 deletions.
diff --git a/...lution/common/api/detection_engine/rule_management/bulk_actions/bulk_actions_route.gen.ts b/...lution/common/api/detection_engine/rule_management/bulk_actions/bulk_actions_route.gen.ts
@@ -53,7 +53,6 @@ export const BulkActionsDryRunErrCode = z.enum([
   'MACHINE_LEARNING_AUTH',
   'MACHINE_LEARNING_INDEX_PATTERN',
   'ESQL_INDEX_PATTERN',
-  'INVESTIGATION_FIELDS_FEATURE',
   'MANUAL_RULE_RUN_FEATURE',
   'MANUAL_RULE_RUN_DISABLED_RULE',
 ]);

diff --git a/...n/common/api/detection_engine/rule_management/bulk_actions/bulk_actions_route.schema.yaml b/...n/common/api/detection_engine/rule_management/bulk_actions/bulk_actions_route.schema.yaml
@@ -78,7 +78,6 @@ components:
         - MACHINE_LEARNING_AUTH
         - MACHINE_LEARNING_INDEX_PATTERN
         - ESQL_INDEX_PATTERN
-        - INVESTIGATION_FIELDS_FEATURE
         - MANUAL_RULE_RUN_FEATURE
         - MANUAL_RULE_RUN_DISABLED_RULE
 

diff --git a/x-pack/plugins/security_solution/common/constants.ts b/x-pack/plugins/security_solution/common/constants.ts
@@ -429,7 +429,6 @@ export enum BulkActionsDryRunErrCode {
   MACHINE_LEARNING_AUTH = 'MACHINE_LEARNING_AUTH',
   MACHINE_LEARNING_INDEX_PATTERN = 'MACHINE_LEARNING_INDEX_PATTERN',
   ESQL_INDEX_PATTERN = 'ESQL_INDEX_PATTERN',
-  INVESTIGATION_FIELDS_FEATURE = 'INVESTIGATION_FIELDS_FEATURE',
   MANUAL_RULE_RUN_FEATURE = 'MANUAL_RULE_RUN_FEATURE',
   MANUAL_RULE_RUN_DISABLED_RULE = 'MANUAL_RULE_RUN_DISABLED_RULE',
 }

diff --git a/x-pack/plugins/security_solution/common/experimental_features.ts b/x-pack/plugins/security_solution/common/experimental_features.ts
@@ -244,11 +244,6 @@ export const allowedExperimentalValues = Object.freeze({
    */
   valueListItemsModalEnabled: true,
 
-  /**
-   * Enables the new rule's bulk action to manage custom highlighted fields
-   */
-  bulkCustomHighlightedFieldsEnabled: false,
-
   /**
    * Enables the manual rule run
    */

diff --git a/...solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml b/...solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml
@@ -1701,7 +1701,6 @@ components:
         - MACHINE_LEARNING_AUTH
         - MACHINE_LEARNING_INDEX_PATTERN
         - ESQL_INDEX_PATTERN
-        - INVESTIGATION_FIELDS_FEATURE
         - MANUAL_RULE_RUN_FEATURE
         - MANUAL_RULE_RUN_DISABLED_RULE
       type: string

diff --git a/...n/docs/openapi/serverless/security_solution_detections_api_2023_10_31.bundled.schema.yaml b/...n/docs/openapi/serverless/security_solution_detections_api_2023_10_31.bundled.schema.yaml
@@ -998,7 +998,6 @@ components:
         - MACHINE_LEARNING_AUTH
         - MACHINE_LEARNING_INDEX_PATTERN
         - ESQL_INDEX_PATTERN
-        - INVESTIGATION_FIELDS_FEATURE
         - MANUAL_RULE_RUN_FEATURE
         - MANUAL_RULE_RUN_DISABLED_RULE
       type: string

diff --git a/...ection_engine/rule_management_ui/components/rules_table/bulk_actions/use_bulk_actions.tsx b/...ection_engine/rule_management_ui/components/rules_table/bulk_actions/use_bulk_actions.tsx
@@ -14,7 +14,6 @@ import { euiThemeVars } from '@kbn/ui-theme';
 import React, { useCallback } from 'react';
 import { MAX_MANUAL_RULE_RUN_BULK_SIZE } from '../../../../../../common/constants';
 import type { TimeRange } from '../../../../rule_gaps/types';
-import { useIsExperimentalFeatureEnabled } from '../../../../../common/hooks/use_experimental_features';
 import { useKibana } from '../../../../../common/lib/kibana';
 import { convertRulesFilterToKQL } from '../../../../../../common/detection_engine/rule_management/rule_filtering';
 import { DuplicateOptions } from '../../../../../../common/detection_engine/rule_management/constants';
@@ -89,10 +88,6 @@ export const useBulkActions = ({
     actions: { clearRulesSelection, setIsPreflightInProgress },
   } = rulesTableContext;
 
-  const isBulkCustomHighlightedFieldsEnabled = useIsExperimentalFeatureEnabled(
-    'bulkCustomHighlightedFieldsEnabled'
-  );
-
   const getBulkItemsPopoverContent = useCallback(
     (closePopover: () => void): EuiContextMenuPanelDescriptor[] => {
       const selectedRules = rules.filter(({ id }) => selectedRuleIds.includes(id));
@@ -400,17 +395,13 @@ export const useBulkActions = ({
               disabled: isEditDisabled,
               panel: 1,
             },
-            ...(isBulkCustomHighlightedFieldsEnabled
-              ? [
-                  {
-                    key: i18n.BULK_ACTION_INVESTIGATION_FIELDS,
-                    name: i18n.BULK_ACTION_INVESTIGATION_FIELDS,
-                    'data-test-subj': 'investigationFieldsBulkEditRule',
-                    disabled: isEditDisabled,
-                    panel: 3,
-                  },
-                ]
-              : []),
+            {
+              key: i18n.BULK_ACTION_INVESTIGATION_FIELDS,
+              name: i18n.BULK_ACTION_INVESTIGATION_FIELDS,
+              'data-test-subj': 'investigationFieldsBulkEditRule',
+              disabled: isEditDisabled,
+              panel: 3,
+            },
             {
               key: i18n.BULK_ACTION_ADD_RULE_ACTIONS,
               name: i18n.BULK_ACTION_ADD_RULE_ACTIONS,
@@ -584,7 +575,6 @@ export const useBulkActions = ({
       selectedRuleIds,
       hasActionsPrivileges,
       isAllSelected,
-      isBulkCustomHighlightedFieldsEnabled,
       loadingRuleIds,
       startTransaction,
       hasMlPermissions,

diff --git a/...rver/lib/detection_engine/rule_management/logic/bulk_actions/rule_params_modifier.test.ts b/...rver/lib/detection_engine/rule_management/logic/bulk_actions/rule_params_modifier.test.ts
@@ -10,9 +10,7 @@ import { BulkActionEditTypeEnum } from '../../../../../../common/api/detection_e
 import type { RuleAlertType } from '../../../rule_schema';
 import type { ExperimentalFeatures } from '../../../../../../common';
 
-const mockExperimentalFeatures = {
-  bulkCustomHighlightedFieldsEnabled: true,
-} as ExperimentalFeatures;
+const mockExperimentalFeatures = {} as ExperimentalFeatures;
 
 describe('addItemsToArray', () => {
   test('should add single item to array', () => {
@@ -731,68 +729,6 @@ describe('ruleParamsModifier', () => {
         }
       );
     });
-
-    describe('feature flag disabled state', () => {
-      test('should throw error on adding investigation fields if feature is disabled', () => {
-        expect(() =>
-          ruleParamsModifier(
-            {
-              ...ruleParamsMock,
-              investigationFields: ['field-1', 'field-2', 'field-3'],
-            } as RuleAlertType['params'],
-            [
-              {
-                type: BulkActionEditTypeEnum.add_investigation_fields,
-                value: { field_names: ['field-4'] },
-              },
-            ],
-            {
-              bulkCustomHighlightedFieldsEnabled: false,
-            } as ExperimentalFeatures
-          )
-        ).toThrow("Custom highlighted fields can't be added. Feature is disabled.");
-      });
-
-      test('should throw error on overwriting investigation fields if feature is disabled', () => {
-        expect(() =>
-          ruleParamsModifier(
-            {
-              ...ruleParamsMock,
-              investigationFields: ['field-1', 'field-2', 'field-3'],
-            } as RuleAlertType['params'],
-            [
-              {
-                type: BulkActionEditTypeEnum.set_investigation_fields,
-                value: { field_names: ['field-4'] },
-              },
-            ],
-            {
-              bulkCustomHighlightedFieldsEnabled: false,
-            } as ExperimentalFeatures
-          )
-        ).toThrow("Custom highlighted fields can't be overwritten. Feature is disabled.");
-      });
-
-      test('should throw error on deleting investigation fields if feature is disabled', () => {
-        expect(() =>
-          ruleParamsModifier(
-            {
-              ...ruleParamsMock,
-              investigationFields: ['field-1', 'field-2', 'field-3'],
-            } as RuleAlertType['params'],
-            [
-              {
-                type: BulkActionEditTypeEnum.delete_investigation_fields,
-                value: { field_names: ['field-1'] },
-              },
-            ],
-            {
-              bulkCustomHighlightedFieldsEnabled: false,
-            } as ExperimentalFeatures
-          )
-        ).toThrow("Custom highlighted fields can't be deleted. Feature is disabled.");
-      });
-    });
   });
 
   describe('timeline', () => {

diff --git a/...on/server/lib/detection_engine/rule_management/logic/bulk_actions/rule_params_modifier.ts b/...on/server/lib/detection_engine/rule_management/logic/bulk_actions/rule_params_modifier.ts
@@ -198,11 +198,6 @@ const applyBulkActionEditToRuleParams = (
     }
     // investigation_fields actions
     case BulkActionEditTypeEnum.add_investigation_fields: {
-      invariant(
-        experimentalFeatures.bulkCustomHighlightedFieldsEnabled,
-        "Custom highlighted fields can't be added. Feature is disabled."
-      );
-
       if (shouldSkipInvestigationFieldsBulkAction(ruleParams.investigationFields, action)) {
         isActionSkipped = true;
         break;
@@ -219,11 +214,6 @@ const applyBulkActionEditToRuleParams = (
       break;
     }
     case BulkActionEditTypeEnum.delete_investigation_fields: {
-      invariant(
-        experimentalFeatures.bulkCustomHighlightedFieldsEnabled,
-        "Custom highlighted fields can't be deleted. Feature is disabled."
-      );
-
       if (shouldSkipInvestigationFieldsBulkAction(ruleParams.investigationFields, action)) {
         isActionSkipped = true;
         break;
@@ -246,11 +236,6 @@ const applyBulkActionEditToRuleParams = (
       break;
     }
     case BulkActionEditTypeEnum.set_investigation_fields: {
-      invariant(
-        experimentalFeatures.bulkCustomHighlightedFieldsEnabled,
-        "Custom highlighted fields can't be overwritten. Feature is disabled."
-      );
-
       if (shouldSkipInvestigationFieldsBulkAction(ruleParams.investigationFields, action)) {
         isActionSkipped = true;
         break;

diff --git a/...security_solution/server/lib/detection_engine/rule_management/logic/bulk_actions/utils.ts b/...security_solution/server/lib/detection_engine/rule_management/logic/bulk_actions/utils.ts
@@ -21,18 +21,3 @@ export const isIndexPatternsBulkEditAction = (editAction: BulkActionEditType) =>
   ];
   return indexPatternsActions.includes(editAction);
 };
-
-/**
- * helper utility that defines whether bulk edit action is related to investigation fields, i.e. one of:
- * 'add_investigation_fields', 'delete_investigation_fields', 'set_investigation_fields'
- * @param editAction {@link BulkActionEditType}
- * @returns {boolean}
- */
-export const isInvestigationFieldsBulkEditAction = (editAction: BulkActionEditType) => {
-  const investigationFieldsActions: BulkActionEditType[] = [
-    BulkActionEditTypeEnum.add_investigation_fields,
-    BulkActionEditTypeEnum.delete_investigation_fields,
-    BulkActionEditTypeEnum.set_investigation_fields,
-  ];
-  return investigationFieldsActions.includes(editAction);
-};
diff --git a/...ty_solution/server/lib/detection_engine/rule_management/logic/bulk_actions/validations.ts b/...ty_solution/server/lib/detection_engine/rule_management/logic/bulk_actions/validations.ts
@@ -17,7 +17,7 @@ import type {
 } from '../../../../../../common/api/detection_engine/rule_management';
 import { BulkActionEditTypeEnum } from '../../../../../../common/api/detection_engine/rule_management';
 import type { RuleAlertType } from '../../../rule_schema';
-import { isIndexPatternsBulkEditAction, isInvestigationFieldsBulkEditAction } from './utils';
+import { isIndexPatternsBulkEditAction } from './utils';
 import { throwDryRunError } from './dry_run';
 import type { MlAuthz } from '../../../../machine_learning/authz';
 import { throwAuthzError } from '../../../../machine_learning/validation';
@@ -140,7 +140,6 @@ export const dryRunValidateBulkEditRule = async ({
   rule,
   edit,
   mlAuthz,
-  experimentalFeatures,
 }: DryRunBulkEditBulkActionsValidationArgs) => {
   await validateBulkEditRule({
     ruleType: rule.params.type,
@@ -170,15 +169,4 @@ export const dryRunValidateBulkEditRule = async ({
       ),
     BulkActionsDryRunErrCode.ESQL_INDEX_PATTERN
   );
-
-  // check whether "custom highlighted fields" feature is enabled
-  await throwDryRunError(
-    () =>
-      invariant(
-        experimentalFeatures.bulkCustomHighlightedFieldsEnabled ||
-          !edit.some((action) => isInvestigationFieldsBulkEditAction(action.type)),
-        'Bulk custom highlighted fields action feature is disabled.'
-      ),
-    BulkActionsDryRunErrCode.INVESTIGATION_FIELDS_FEATURE
-  );
 };
diff --git a/x-pack/test/security_solution_api_integration/config/ess/config.base.ts b/x-pack/test/security_solution_api_integration/config/ess/config.base.ts
@@ -84,7 +84,6 @@ export function createTestConfig(options: CreateTestConfigOptions, testFiles?: s
             'alertSuppressionForEsqlRuleEnabled',
             'riskScoringPersistence',
             'riskScoringRoutesEnabled',
-            'bulkCustomHighlightedFieldsEnabled',
             'alertSuppressionForMachineLearningRuleEnabled',
             'manualRuleRunEnabled',
           ])}`,

diff --git a/...tion_engine/rule_execution_logic/trial_license_complete_tier/configs/serverless.config.ts b/...tion_engine/rule_execution_logic/trial_license_complete_tier/configs/serverless.config.ts
@@ -18,7 +18,6 @@ export default createTestConfig({
       '/testing_regex*/',
     ])}`, // See tests within the file "ignore_fields.ts" which use these values in "alertIgnoreFields"
     `--xpack.securitySolution.enableExperimental=${JSON.stringify([
-      'bulkCustomHighlightedFieldsEnabled',
       'alertSuppressionForMachineLearningRuleEnabled',
       'alertSuppressionForEsqlRuleEnabled',
       'manualRuleRunEnabled',

diff --git a/x-pack/test/security_solution_cypress/config.ts b/x-pack/test/security_solution_cypress/config.ts
@@ -46,7 +46,6 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) {
         '--xpack.ruleRegistry.unsafe.legacyMultiTenancy.enabled=true',
         `--xpack.securitySolution.enableExperimental=${JSON.stringify([
           'alertSuppressionForEsqlRuleEnabled',
-          'bulkCustomHighlightedFieldsEnabled',
           'alertSuppressionForMachineLearningRuleEnabled',
           'manualRuleRunEnabled',
         ])}`,

diff --git a/...ss/e2e/detection_response/rule_management/rule_actions/bulk_actions/bulk_edit_rules.cy.ts b/...ss/e2e/detection_response/rule_management/rule_actions/bulk_actions/bulk_edit_rules.cy.ts
@@ -578,8 +578,7 @@ describe('Detection rules, bulk edit', { tags: ['@ess', '@serverless'] }, () =>
     });
   });
 
-  // https://github.com/elastic/kibana/issues/182834
-  describe('Investigation fields actions', { tags: ['@skipInServerlessMKI'] }, () => {
+  describe('Investigation fields actions', () => {
     it('Add investigation fields to custom rules', () => {
       getRulesManagementTableRows().then((rows) => {
         const fieldsToBeAdded = ['source.ip', 'destination.ip'];

diff --git a/x-pack/test/security_solution_cypress/serverless_config.ts b/x-pack/test/security_solution_cypress/serverless_config.ts
@@ -36,7 +36,6 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) {
         ])}`,
         `--xpack.securitySolution.enableExperimental=${JSON.stringify([
           'alertSuppressionForEsqlRuleEnabled',
-          'bulkCustomHighlightedFieldsEnabled',
           'alertSuppressionForMachineLearningRuleEnabled',
           'manualRuleRunEnabled',
         ])}`,