[Search] Fixes EQL search strategy #83064
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The shared search utilities expect that response data exists in the response's body field. However, in an EQL response this information also exists as a sibling to the body field, and so we must normalize this data into the body before we can leverage these utilities with EQL queries.
These were previously needed to work around an index resolution but, but this has since been resolved upstream in elasticsearch via elastic/elasticsearch#63573.
Previously, custom preview histograms were passing a data-test-subj prop to our general histogram, but the general histogram did not know/care about this prop and it did not become a data property on the underlying DOM element. While most of our tests leveraged enzyme, they could still query by this react prop and everything worked as expected. However, now that we want to exercise this behavior in cypress, we need something to propagate to the DOM so that we can determine which histogram has rendered, so the prop has been updated to be `dataTestSubj`, which then becomes a data-test-subj on the histogram's panel. Tests have been updated accordingly.
* Asserts that the preview displays a histogram * Asserts that no error toast is displayed
rylnd
added
v8.0.0
Team:AppArch
release_note:skip
|
Pinging @elastic/kibana-app-arch (Team:AppArch) |
|
@elasticmachine merge upstream |
rylnd
commented
Nov 10, 2020
| cy.get(EQL_QUERY_VALIDATION_SPINNER).should('not.exist'); | ||
| cy.get(QUERY_PREVIEW_BUTTON).should('not.be.disabled').click({ force: true }); | ||
| cy.get(EQL_QUERY_PREVIEW_HISTOGRAM).should('contain.text', 'Hits'); | ||
| cy.get(NOTIFICATION_TOASTS).children().should('not.have.class', TOAST_ERROR_CLASS); // asserts no error toast on page |
There was a problem hiding this comment.
@MadameSheema I wanted to call out this addition as it might be a nice sanity check throughout the suite
rylnd
commented
Nov 10, 2020
| @@ -51,7 +51,7 @@ describe('PreviewCustomQueryHistogram', () => { | |||
|
|
|||
| expect(wrapper.find('[data-test-subj="queryPreviewLoading"]').exists()).toBeTruthy(); | |||
| expect( | |||
| wrapper.find('[data-test-subj="queryPreviewCustomHistogram"]').at(0).prop('subtitle') | |||
| wrapper.find('[dataTestSubj="queryPreviewCustomHistogram"]').at(0).prop('subtitle') | |||
There was a problem hiding this comment.
@yctercero I tried to make as few changes to these tests as possible to maintain behavior while allowing a custom data-test-subj on each histogram; see 471595f for details
rylnd
commented
Nov 10, 2020
| @@ -64,7 +67,7 @@ export const eqlSearchStrategyProvider = ( | |||
| (response) => response.body.id, | |||
| request.id, | |||
| options | |||
| ).pipe(utils.toKibanaSearchResponse()); | |||
| ).pipe(normalizeEqlResponse(), utils.toKibanaSearchResponse()); | |||
There was a problem hiding this comment.
This is the crux of the fix; details are in 9e5abf4
|
@elasticmachine merge upstream |
|
|
||
| export const NOTIFICATION_TOASTS = '[data-test-subj="globalToastList"]'; | ||
|
|
||
| export const TOAST_ERROR_CLASS = 'euiToast--danger'; |
There was a problem hiding this comment.
Always a bummer when we have to use a class for part of a selector but I get when we have to do it.
There was a problem hiding this comment.
Yeah, this was the best identifier I could find for now. I'll make a note to add a data-test-subj upstream in notifications next time I come through here 👍
| @@ -74,8 +74,6 @@ export const useEqlPreview = (): [ | |||
| .search<EqlSearchStrategyRequest, EqlSearchStrategyResponse<EqlSearchResponse<Source>>>( | |||
| { | |||
| params: { | |||
| // @ts-expect-error allow_no_indices is missing on EqlSearch | |||
| allow_no_indices: true, | |||
FrankHassanabad
approved these changes
Nov 12, 2020
yctercero
approved these changes
Nov 12, 2020
|
@elasticmachine merge upstream |
|
Just an FYI, we have another refactoring happening here: #82545. I'll update that PR with these changes, and thanks for adding the tests so we can be sure not to break this in the future! |
|
@elasticmachine merge upstream |
These were updated on an upstream refactor.
💚 Build SucceededMetrics [docs]Async chunks
Distributable file count
Page load bundle
History
To update your PR or re-run it, just comment with: |
rylnd
added a commit
that referenced
this pull request
Nov 17, 2020
* Ensure that data is not lost when parsing EQL responses The shared search utilities expect that response data exists in the response's body field. However, in an EQL response this information also exists as a sibling to the body field, and so we must normalize this data into the body before we can leverage these utilities with EQL queries. * Remove unused EQL parameters These were previously needed to work around an index resolution but, but this has since been resolved upstream in elasticsearch via elastic/elasticsearch#63573. * Allow custom test subj for Preview Histogram to propagate to DOM Previously, custom preview histograms were passing a data-test-subj prop to our general histogram, but the general histogram did not know/care about this prop and it did not become a data property on the underlying DOM element. While most of our tests leveraged enzyme, they could still query by this react prop and everything worked as expected. However, now that we want to exercise this behavior in cypress, we need something to propagate to the DOM so that we can determine which histogram has rendered, so the prop has been updated to be `dataTestSubj`, which then becomes a data-test-subj on the histogram's panel. Tests have been updated accordingly. * Exercise Query Preview during EQL rule creation * Asserts that the preview displays a histogram * Asserts that no error toast is displayed * Add integration tests around EQL sequence signal generation * Clearer assertion * Simplify test assertion * Fix typings These were updated on an upstream refactor. Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> # Conflicts: # x-pack/plugins/security_solution/cypress/tasks/create_new_rule.ts
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
#82900
Between search types being too permissive and a lack of test coverage, a recent refactor altered the EQL search strategy responses such that some features in Security Solution were broken. This PR fixes those issues, and adds unit & functional tests to prevent regressions in this area. I also added some integration tests around EQL signal generation to generally bump coverage there as well.
Checklist
Delete any items that are not applicable to this PR.
For maintainers