[Security Solution] Migrate Rules schema to OpenAPI #167999
Conversation
xcrzx
force-pushed
the
rules-schema-openapi
branch
16 times, most recently
from
52d456e to
2ba0fc7
Compare
xcrzx
added
Team:Detections and Resp
xcrzx
force-pushed
the
rules-schema-openapi
branch
7 times, most recently
from
64cf59b to
5f80ffe
Compare
xcrzx
added
v8.12.0
release_note:skip
xcrzx
force-pushed
the
rules-schema-openapi
branch
from
5f80ffe to
1083511
Compare
.../security_solution/common/api/detection_engine/model/rule_schema/rule_request_schema.test.ts
Show resolved
Hide resolved
x-pack/plugins/security_solution/common/detection_engine/transform_actions.ts
Show resolved
Hide resolved
...blic/detection_engine/rule_exceptions/components/flyout_components/item_conditions/index.tsx
Show resolved
Hide resolved
| import { DataViewId } from '../../api/detection_engine'; | ||
| // TODO https://github.com/elastic/security-team/issues/7491 | ||
| // eslint-disable-next-line no-restricted-imports | ||
| import { DataViewId } from '../../api/detection_engine/model/rule_schema_legacy'; |
There was a problem hiding this comment.
Do you happen to know why this is a restricted import? They're both common files in the same plugin.
There was a problem hiding this comment.
The path is restricted because it includes _legacy in it. We have plans to remove those legacy schemas, and in the meantime, we don't want people to use them accidentally. So adding legacy to the path helps with that.
xcrzx
force-pushed
the
rules-schema-openapi
branch
2 times, most recently
from
062b2c8 to
5aa692f
Compare
| @@ -6,13 +6,19 @@ paths: {} | |||
| components: | |||
| x-codegen-enabled: true | |||
| schemas: | |||
| NonEmptyString: | |||
| type: string | |||
| pattern: ^(?! *$).+$ | |||
There was a problem hiding this comment.
Just curious why using this relatively complex regex while it could be ^[^\s]+$ (require one ore more non space characters)? While it's stricter than NonEmptyString defined previously in via io-ts but we still don't expect any kind of space characters as a rule name.
There was a problem hiding this comment.
In my honest opinion, we need neither of those regexes 🙂 I'd define a non-empty string as a string with length > 0, regardless of its content.
xcrzx
force-pushed
the
rules-schema-openapi
branch
from
5aa692f to
62e5aac
Compare
There was a problem hiding this comment.
Fantastic and absolutely humongous work @xcrzx! Thank you for addressing so many comments and moving our architecture in the right direction. This is so, so much better than our legacy schemas written with io-ts. I'm excited about all the other improvements that we can and will do based on this work!
| @@ -74,6 +73,7 @@ import { | |||
| import { RuleSwitch } from '../../../../detections/components/rules/rule_switch'; | |||
| import { StepPanel } from '../../../../detections/components/rules/step_panel'; | |||
| import { | |||
| getMachineLearningJobId, | |||
There was a problem hiding this comment.
Nit: the function should be called getMachineLearningJobIds because it returns an array. We could rename it later
| @@ -32,6 +32,7 @@ const mockRule: Rule = { | |||
| severity: 'low', | |||
| type: 'query', | |||
| query: 'some query', | |||
| language: 'kuery', | |||
There was a problem hiding this comment.
Thank you for getting rid of the frontend-side Rule "schema"! I guess this diff shows that this highlighted some bugs in our code where we forgot to specify all the fields required by RuleResponse.
| export const RuleSchema = t.intersection([ | ||
| t.type({ | ||
| author: RuleAuthorArray, | ||
| created_at: t.string, |
There was a problem hiding this comment.
No more frontend-side (duplicated and inaccurate) rule schema anymore! 🙌
cc @elastic/security-detection-rule-management @elastic/security-detection-engine
| export type PrebuiltRuleAsset = z.infer<typeof PrebuiltRuleAsset>; | ||
| export const PrebuiltRuleAsset = BaseCreateProps.and(TypeSpecificCreateProps).and( | ||
| z.object({ | ||
| rule_id: RuleSignatureId, | ||
| version: RuleVersion, | ||
| related_integrations: RelatedIntegrationArray.optional(), | ||
| required_fields: RequiredFieldArray.optional(), | ||
| setup: SetupGuide.optional(), | ||
| }) | ||
| ); |
xcrzx
force-pushed
the
rules-schema-openapi
branch
from
62e5aac to
dbcce09
Compare
vitaliidm
dismissed
their stale review
Rule schema validation should be addressed in subsequent PRs: #167999 (comment)
xcrzx
force-pushed
the
rules-schema-openapi
branch
3 times, most recently
from
2eb70ec to
92851af
Compare
xcrzx
force-pushed
the
rules-schema-openapi
branch
from
92851af to
5c2609e
Compare
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]Module Count
Public APIs missing comments
Async chunks
Page load bundle
Unknown metric groupsAPI count
ESLint disabled line counts
Total ESLint disabled count
History
To update your PR or re-run it, just comment with: cc @xcrzx |
Parent meta ticket: https://github.com/elastic/security-team/issues/7491
Resolves: https://github.com/elastic/security-team/issues/7582
Resolves: https://github.com/elastic/security-team/issues/7580
Resolves: https://github.com/elastic/security-team/issues/7581
Summary
This PR migrates the rules schema to OpenAPI, Zod, and code generation.
The following APIs now have complete OpenAPI specifications and are enabled for code generation:
Rule schemas are now forward-compatible
We now allow extra fields in schemas for forward compatibility, but we remove them from the payload during parsing. So from now on, extra fields are simply ignored and won't lead to validation errors.