From 9b3b2f3e46f7dc59f370563fec336e5f0cbc1338 Mon Sep 17 00:00:00 2001
From: Davis Plumlee <davis.plumlee@elastic.co>
Date: Mon, 6 Dec 2021 13:47:10 -0500
Subject: [PATCH] addresses comments

---
 .../rule_data_plugin_service/index_options.ts |  2 +-
 .../security_solution/common/constants.ts     |  9 ----
 .../common/detection_engine/constants.ts      | 13 ++++++
 .../components/rules/rule_preview/index.tsx   |  8 ++--
 .../rules/use_preview_rule.ts                 | 10 ++---
 .../routes/rules/preview_rules_route.ts       | 11 ++---
 .../tests/preview_rules.ts                    | 13 +-----
 .../detection_engine_api_integration/utils.ts | 41 -------------------
 8 files changed, 31 insertions(+), 76 deletions(-)
 create mode 100644 x-pack/plugins/security_solution/common/detection_engine/constants.ts

diff --git a/x-pack/plugins/rule_registry/server/rule_data_plugin_service/index_options.ts b/x-pack/plugins/rule_registry/server/rule_data_plugin_service/index_options.ts
index e300c99135af90..cdec7c609699d6 100644
--- a/x-pack/plugins/rule_registry/server/rule_data_plugin_service/index_options.ts
+++ b/x-pack/plugins/rule_registry/server/rule_data_plugin_service/index_options.ts
@@ -105,7 +105,7 @@ export interface IndexOptions {
    * shouldn't exist on an alert index and shouldn't be queried together with
    * real alerts in any way, because the rule that created them doesn't exist
    */
-  additionalPrefix?: '.preview';
+  additionalPrefix?: string;
 }
 
 /**
diff --git a/x-pack/plugins/security_solution/common/constants.ts b/x-pack/plugins/security_solution/common/constants.ts
index 7828f491605237..ce7a418833754f 100644
--- a/x-pack/plugins/security_solution/common/constants.ts
+++ b/x-pack/plugins/security_solution/common/constants.ts
@@ -259,8 +259,6 @@ export const DETECTION_ENGINE_PREPACKAGED_RULES_STATUS_URL =
 export const DETECTION_ENGINE_RULES_BULK_ACTION =
   `${DETECTION_ENGINE_RULES_URL}/_bulk_action` as const;
 export const DETECTION_ENGINE_RULES_PREVIEW = `${DETECTION_ENGINE_RULES_URL}/preview` as const;
-export const DETECTION_ENGINE_RULES_PREVIEW_INDEX_URL =
-  `${DETECTION_ENGINE_RULES_PREVIEW}/index` as const;
 
 /**
  * Internal detection engine routes
@@ -382,10 +380,3 @@ export const WARNING_TRANSFORM_STATES = new Set([
   TRANSFORM_STATES.STOPPED,
   TRANSFORM_STATES.STOPPING,
 ]);
-
-export enum INVOCATION_COUNT {
-  HOUR = 20,
-  DAY = 24,
-  WEEK = 168,
-  MONTH = 30,
-}
diff --git a/x-pack/plugins/security_solution/common/detection_engine/constants.ts b/x-pack/plugins/security_solution/common/detection_engine/constants.ts
new file mode 100644
index 00000000000000..7f3c8228006735
--- /dev/null
+++ b/x-pack/plugins/security_solution/common/detection_engine/constants.ts
@@ -0,0 +1,13 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+export enum RULE_PREVIEW_INVOCATION_COUNT {
+  HOUR = 20,
+  DAY = 24,
+  WEEK = 168,
+  MONTH = 30,
+}
diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/rule_preview/index.tsx b/x-pack/plugins/security_solution/public/detections/components/rules/rule_preview/index.tsx
index 100c792db6e02a..0677184a05ef21 100644
--- a/x-pack/plugins/security_solution/public/detections/components/rules/rule_preview/index.tsx
+++ b/x-pack/plugins/security_solution/public/detections/components/rules/rule_preview/index.tsx
@@ -46,6 +46,8 @@ const PreviewButton = styled(EuiButton)`
   margin-left: 0;
 `;
 
+const defaultTimeRange: Unit = 'h';
+
 const RulePreviewComponent: React.FC<RulePreviewProps> = ({
   index,
   isDisabled,
@@ -64,7 +66,7 @@ const RulePreviewComponent: React.FC<RulePreviewProps> = ({
     }
   }, [spaces]);
 
-  const [timeFrame, setTimeFrame] = useState<Unit>('h');
+  const [timeFrame, setTimeFrame] = useState<Unit>(defaultTimeRange);
   const {
     addNoiseWarning,
     createPreview,
@@ -84,9 +86,9 @@ const RulePreviewComponent: React.FC<RulePreviewProps> = ({
     threshold,
   });
 
-  // Resets the timeFrame to default when rule type is changed
+  // Resets the timeFrame to default when rule type is changed because not all time frames are supported by all rule types
   useEffect(() => {
-    setTimeFrame('h');
+    setTimeFrame(defaultTimeRange);
   }, [ruleType]);
 
   return (
diff --git a/x-pack/plugins/security_solution/public/detections/containers/detection_engine/rules/use_preview_rule.ts b/x-pack/plugins/security_solution/public/detections/containers/detection_engine/rules/use_preview_rule.ts
index 51f0c25ef08106..c4ccea91d99c8f 100644
--- a/x-pack/plugins/security_solution/public/detections/containers/detection_engine/rules/use_preview_rule.ts
+++ b/x-pack/plugins/security_solution/public/detections/containers/detection_engine/rules/use_preview_rule.ts
@@ -8,7 +8,7 @@
 import { useEffect, useState } from 'react';
 
 import { Unit } from '@elastic/datemath';
-import { INVOCATION_COUNT } from '../../../../../common/constants';
+import { RULE_PREVIEW_INVOCATION_COUNT } from '../../../../../common/detection_engine/constants';
 import { useAppToasts } from '../../../../common/hooks/use_app_toasts';
 import {
   PreviewResponse,
@@ -30,17 +30,17 @@ export const usePreviewRule = (timeframe: Unit = 'h') => {
   const [response, setResponse] = useState<PreviewResponse>(emptyPreviewRule);
   const [isLoading, setIsLoading] = useState(false);
   const { addError } = useAppToasts();
-  let invocationCount = INVOCATION_COUNT.HOUR;
+  let invocationCount = RULE_PREVIEW_INVOCATION_COUNT.HOUR;
 
   switch (timeframe) {
     case 'd':
-      invocationCount = INVOCATION_COUNT.DAY;
+      invocationCount = RULE_PREVIEW_INVOCATION_COUNT.DAY;
       break;
     case 'w':
-      invocationCount = INVOCATION_COUNT.WEEK;
+      invocationCount = RULE_PREVIEW_INVOCATION_COUNT.WEEK;
       break;
     case 'M':
-      invocationCount = INVOCATION_COUNT.MONTH;
+      invocationCount = RULE_PREVIEW_INVOCATION_COUNT.MONTH;
       break;
   }
 
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/preview_rules_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/preview_rules_route.ts
index 82092cac02b0dd..65ccbc315c93f9 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/preview_rules_route.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/preview_rules_route.ts
@@ -19,7 +19,7 @@ import { buildRouteValidation } from '../../../../utils/build_validation/route_v
 import { SetupPlugins } from '../../../../plugin';
 import type { SecuritySolutionPluginRouter } from '../../../../types';
 import { createRuleValidateTypeDependents } from '../../../../../common/detection_engine/schemas/request/create_rules_type_dependents';
-import { DETECTION_ENGINE_RULES_PREVIEW, INVOCATION_COUNT } from '../../../../../common/constants';
+import { DETECTION_ENGINE_RULES_PREVIEW } from '../../../../../common/constants';
 import { previewRulesSchema } from '../../../../../common/detection_engine/schemas/request';
 import { RuleExecutionStatus } from '../../../../../common/detection_engine/schemas/common/schemas';
 
@@ -43,6 +43,7 @@ import {
   createThresholdAlertType,
 } from '../../rule_types';
 import { createSecurityRuleTypeWrapper } from '../../rule_types/create_security_rule_type_wrapper';
+import { RULE_PREVIEW_INVOCATION_COUNT } from '../../../../../common/detection_engine/constants';
 
 export const previewRulesRoute = async (
   router: SecuritySolutionPluginRouter,
@@ -79,10 +80,10 @@ export const previewRulesRoute = async (
         let invocationCount = request.body.invocationCount;
         if (
           ![
-            INVOCATION_COUNT.HOUR,
-            INVOCATION_COUNT.DAY,
-            INVOCATION_COUNT.WEEK,
-            INVOCATION_COUNT.MONTH,
+            RULE_PREVIEW_INVOCATION_COUNT.HOUR,
+            RULE_PREVIEW_INVOCATION_COUNT.DAY,
+            RULE_PREVIEW_INVOCATION_COUNT.WEEK,
+            RULE_PREVIEW_INVOCATION_COUNT.MONTH,
           ].includes(invocationCount)
         ) {
           return response.ok({ body: { errors: ['Invalid invocation count'] } });
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/preview_rules.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/preview_rules.ts
index bffa81afe96bf5..e58a8aede79850 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/preview_rules.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/preview_rules.ts
@@ -9,13 +9,7 @@ import expect from '@kbn/expect';
 
 import { DETECTION_ENGINE_RULES_PREVIEW } from '../../../../plugins/security_solution/common/constants';
 import { FtrProviderContext } from '../../common/ftr_provider_context';
-import {
-  deleteAllAlerts,
-  createPreviewSignalsIndex,
-  deletePreviewSignalsIndex,
-  getSimplePreviewRule,
-  getSimpleRulePreviewOutput,
-} from '../../utils';
+import { deleteAllAlerts, getSimplePreviewRule, getSimpleRulePreviewOutput } from '../../utils';
 import { ROLES } from '../../../../plugins/security_solution/common/test';
 import { createUserAndRole, deleteUserAndRole } from '../../../common/services/security_solution';
 
@@ -36,12 +30,7 @@ export default ({ getService }: FtrProviderContext) => {
         await esArchiver.unload('x-pack/test/functional/es_archives/auditbeat/hosts');
       });
 
-      beforeEach(async () => {
-        await createPreviewSignalsIndex(supertest, log);
-      });
-
       afterEach(async () => {
-        await deletePreviewSignalsIndex(supertest, log);
         await deleteAllAlerts(supertest, log);
       });
 
diff --git a/x-pack/test/detection_engine_api_integration/utils.ts b/x-pack/test/detection_engine_api_integration/utils.ts
index 02f36b74046c0f..3bd4f6530d56dd 100644
--- a/x-pack/test/detection_engine_api_integration/utils.ts
+++ b/x-pack/test/detection_engine_api_integration/utils.ts
@@ -45,7 +45,6 @@ import {
   DETECTION_ENGINE_INDEX_URL,
   DETECTION_ENGINE_PREPACKAGED_URL,
   DETECTION_ENGINE_QUERY_SIGNALS_URL,
-  DETECTION_ENGINE_RULES_PREVIEW_INDEX_URL,
   DETECTION_ENGINE_RULES_URL,
   DETECTION_ENGINE_SIGNALS_FINALIZE_MIGRATION_URL,
   DETECTION_ENGINE_SIGNALS_MIGRATION_URL,
@@ -579,25 +578,6 @@ export const createSignalsIndex = async (
   );
 };
 
-/**
- * Creates the preview signals index for use inside of beforeEach blocks of tests
- * This will retry 20 times before giving up and hopefully still not interfere with other tests
- * @param supertest The supertest client library
- */
-export const createPreviewSignalsIndex = async (
-  supertest: SuperTest.SuperTest<SuperTest.Test>,
-  log: ToolingLog
-): Promise<void> => {
-  await countDownTest(
-    async () => {
-      await supertest.post(DETECTION_ENGINE_RULES_PREVIEW_INDEX_URL).set('kbn-xsrf', 'true').send();
-      return true;
-    },
-    'createPreviewSignalsIndex',
-    log
-  );
-};
-
 export const createLegacyRuleAction = async (
   supertest: SuperTest.SuperTest<SuperTest.Test>,
   alertId: string,
@@ -639,27 +619,6 @@ export const deleteSignalsIndex = async (
   );
 };
 
-/**
- * Deletes the signals index for use inside of afterEach blocks of tests
- * @param supertest The supertest client library
- */
-export const deletePreviewSignalsIndex = async (
-  supertest: SuperTest.SuperTest<SuperTest.Test>,
-  log: ToolingLog
-): Promise<void> => {
-  await countDownTest(
-    async () => {
-      await supertest
-        .delete(DETECTION_ENGINE_RULES_PREVIEW_INDEX_URL)
-        .set('kbn-xsrf', 'true')
-        .send();
-      return true;
-    },
-    'deleteSignalsIndex',
-    log
-  );
-};
-
 /**
  * Given an array of rule_id strings this will return a ndjson buffer which is useful
  * for testing uploads.