[Security Solution] Extend the /upgrade/_review endpoint contract and functionality

[jpdjere]

Resolves: #180153
Resolves: #188277

Summary

• Extend the POST /upgrade/_review API endpoint's contract and functionality

• Changes has_conflict property within each rule field's ThreeWayDiff from boolean to enum with possible values:

  • NONE: no conflicts in three way diff
  • SOLVABLE: conflict detected but was successfully resolved by our algorithms
  • NON_SOLVABLE: conflict detected and could not be resolved by our algorithms.

• Adds has_base_version boolean field within each field diff calculation. Has values:

  • true: the base version of the field was found and is either defined or undefined
  • false: the base version of the field was not found

• The possible values for has_conflict for each concrete diff algorithm are:

  • single line strings: NO, NON_SOLVABLE
  • multi line strings: NO, SOLVABLE, NON_SOLVABLE
  • numbers: NO, NON_SOLVABLE
  • array of scalar values: NO, SOLVABLE

• Adds new logic to handle [Security Solution] Updates diff outcome logic to return CustomizedValueCanUpdate on scenario -AB #186435 (comment)

For maintainers

• This was checked for breaking API changes and was labeled appropriately

[jpdjere]

/ci

[jpdjere]

/ci

[jpdjere]

/ci

[jpdjere]

/ci

[elasticmachine]

Pinging @elastic/security-detections-response (Team:Detections and Resp)

[elasticmachine]

Pinging @elastic/security-solution (Team: SecuritySolution)

[elasticmachine]

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)

[dplumlee]

This looks good for the most part @jpdjere! Just left one comment about naming and we can figure out how to sync with #188022

[dplumlee]

Should this be something like NO_CONFLICT? I guess NO makes sense in the conflict: no assignment but it does look a bit weird standalone

[jpdjere]

Updated the enum for clarity

[jpdjere]

@banderror @nikitaindik @dplumlee

Thanks for the review. I've addressed your feedback, and included in the changes of this PR the handling of scenarios with a missing base version, with the "compromise" solution we had decided here.

Please take a look when you can.

[nikitaindik]

Thanks for the updates to PR @jpdjere! I have only reviewed changes related to MissingVersion - they look good to me!

[dplumlee]

The new changes look great to me @jpdjere, thanks for incorporating all this into the existing diff work! I do like the idea you mentioned here, not sure if there's a reason we didn't incorporate this before other than not really having any special logic needs for those cases with the initial implementation

[dplumlee]

👍

[dplumlee]

Nice idea to put these scenarios in here, I think I'll incorporate this into some other diff files as well

[jpdjere]

@dplumlee I ended up removing these, since now each scenario has its own ThreeWayDiffOutcome and there's no case like // Scenarios AAA and -AA anymore.

[jpdjere]

@banderror Reintroduced ThreeWayMergeOutcome enum as we discussed.

@dplumlee While introducing/modifying the integration tests for scenarios MissingBaseNoUpdate and MissingBaseCanUpdate, I realised that doing assertions on the whole reviewResponse.rules[0].diff.fields object was confusing, since version is always present and we need to describe its behaviour in all unrelated tests.

For example, the assertion in the case of the -AA or MissingBaseNoUpdate scenario was:

              const reviewResponse = await reviewPrebuiltRulesToUpgrade(supertest);
              expect(reviewResponse.rules[0].diff.fields).toEqual({
                version: {
                  current_version: 1,
                  target_version: 2,
                  merged_version: 2,
                  diff_outcome: ThreeWayDiffOutcome.StockValueCanUpdate,
                  merge_outcome: ThreeWayMergeOutcome.Target,
                  has_conflict: false,
                  has_update: true,
                },
              });

which in my opinion creates cognitive dissonance because the reader of the test is expecting to see diff_outcome: ThreeWayDiffOutcome.MissingBaseNoUpdate but actually sees StockValueCanUpdate. It might take a while to realize that StockValueCanUpdate refers only to version and that the actual field being tested actually does have has a merge_outcome of ThreeWayDiffOutcome.MissingBaseNoUpdate, but it's just not returned as part of the diff object by the endpoint.

So I went ahead and simplified all integration tests, now doing assertions only on the field that should/shouldn't be part of the diff object - so that if the scenario excludes the field from the diff object, then the assertion is just expect(reviewResponse.rules[0].diff.fields.name).toBeUndefined().

So now the focus of each test is exclusively on the field that corresponds to the algorithm type.

[banderror]

Thanks @jpdjere, I left a couple more comments. Approving in advance 👍

[banderror]

We always try to avoid as casting in production code, can we try to rewrite this algorithm in a type-safe way?

[jpdjere]

Fixed

[banderror]

Same here

[banderror]

Same here

[kibana-ci]

💛 Build succeeded, but was flaky

• Buildkite Build
• Commit: 61ce4de

Failed CI Steps

• Jest Tests #2

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id	before	after	diff
securitySolution	5611	5612	+1

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
securitySolution	20.4MB	20.4MB	+568.0B

History

• 💛 Build #223564 was flaky 63262b0
• 💚 Build #223505 succeeded b2de7e0
• 💔 Build #223468 failed 7851d36
• 💛 Build #223171 was flaky 82c7779
• 💔 Build #222991 failed 18279f9
• 💔 Build #222959 failed e1d3311

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @jpdjere