[SIEM][CASE] Refactor Connectors - Jira Connector #63450

Merged
merged 35 commits into from
Apr 30, 2020

@cnasikas cnasikas commented Apr 14, 2020

Summary

Changes on this PR:

  • Refactor code to support multiple connectors.
  • Executor actions (commands) for each connector.
  • Jira Connector.
  • Update README

Dev Docs

The API changed to support executor actions. The supported actions are: pushToService, handshake, and getIncident. This PR implements only the pushToService action.

The following response fields have changed:

  • incidentId changed to id.
  • number changed to title.

Create an incident:

Create an incident to ServiceNow. When the incidentId attribute is not in actionParams the executor will create the incident.

Endpoint: api/action/<action_id>/_execute
Method: POST

Payload:

{
    "params": {
        "action": "pushToService",
        "actionParams": {
            "caseId": "d4387ac5-0899-4dc2-bbfa-0dd605c934aa",
            "title": "A new incident",
            "description": "A description",
            "comments": [
                {
                    "commentId": "b5b4c4d0-574e-11ea-9e2e-21b90f8a9631",
                    "version": "WzU3LDFd",
                    "comment": "A comment"
                }
            ]
        }
    }
}

Response

{
    "status": "ok",
    "actionId": "f631be57-0a59-4e28-8833-16fc3b309374",
    "data": {
        "id": "7d7aad9c072fc0100e48fbbf7c1ed0c2",
        "title": "INC0010044",
        "pushedDate": "2020-03-10T13:02:59.000Z",
        "comments": [
            {
                "commentId": "b5b4c4d0-574e-11ea-9e2e-21b90f8a9631",
                "pushedDate": "2020-03-10T13:03:00.000Z"
            }
        ]
    }
}

Update an incident:

Update an incident to ServiceNow. When the incidentId attribute is in actionParams the executor will update the incident.

Endpoint: api/action/<action_id>/_execute
Method: POST

Payload:

{
    "params": {
        "action": "pushToService",
        "actionParams": {
            "caseId": "d4387ac5-0899-4dc2-bbfa-0dd605c934aa",
            "incidentId": "7d7aad9c072fc0100e48fbbf7c1ed0c2",
            "title": "A new incident",
            "description": "A description",
            "comments": [
                {
                    "commentId": "b5b4c4d0-574e-11ea-9e2e-21b90f8a9631",
                    "version": "WzU3LDFd",
                    "comment": "A comment"
                }
            ]
        }
    }
}

Response

{
    "status": "ok",
    "actionId": "f631be57-0a59-4e28-8833-16fc3b309374",
    "data": {
        "id": "7d7aad9c072fc0100e48fbbf7c1ed0c2",
        "title": "INC0010044",
        "pushedDate": "2020-03-10T13:02:59.000Z",
        "comments": [
            {
                "commentId": "b5b4c4d0-574e-11ea-9e2e-21b90f8a9631",
                "pushedDate": "2020-03-10T13:03:00.000Z"
            }
        ]
    }
}


@elasticmachine
Contributor

Pinging @elastic/siem (Team:SIEM)

@cnasikas cnasikas added the release_note:skip Skip the PR/issue when compiling release notes label Apr 14, 2020
@cnasikas cnasikas self-assigned this Apr 14, 2020
@cnasikas cnasikas added the enhancement New value added to drive a business result label Apr 14, 2020
@cnasikas cnasikas changed the title [SIEM][CASE] Multiple Connectors [SIEM][CASE][skip-ci] Multiple Connectors Apr 14, 2020
@cnasikas cnasikas force-pushed the refactor_connectors branch 2 times, most recently from f2f1134 to 3dcec08 Compare April 15, 2020 12:46
@cnasikas cnasikas changed the title [SIEM][CASE][skip-ci] Multiple Connectors [SIEM][CASE][skip-ci] IBM Resilient Apr 15, 2020
@cnasikas cnasikas force-pushed the refactor_connectors branch 4 times, most recently from 90aff76 to 94814be Compare April 15, 2020 16:37
@cnasikas cnasikas changed the title [SIEM][CASE][skip-ci] IBM Resilient [SIEM][CASE][skip-ci] Refactor Connectors Apr 15, 2020
@cnasikas cnasikas changed the title [SIEM][CASE][skip-ci] Refactor Connectors [SIEM][CASE][skip-ci] Refactor Connectors - IBM Resilient Apr 16, 2020
@cnasikas cnasikas force-pushed the refactor_connectors branch 2 times, most recently from 41388a8 to ef46abf Compare April 22, 2020 12:12
@cnasikas cnasikas changed the title [SIEM][CASE][skip-ci] Refactor Connectors - IBM Resilient [SIEM][CASE][skip-ci] Refactor Connectors - Jira Apr 22, 2020
@cnasikas cnasikas added release_note:enhancement and removed release_note:skip Skip the PR/issue when compiling release notes labels Apr 22, 2020
Contributor

@XavierM XavierM left a comment

LGTM

@cnasikas
Member Author

@elasticmachine merge upstream

@cnasikas
Member Author

@elasticmachine merge upstream

Member

@pmuellr pmuellr left a comment

I looked through the code that touches actions, looks good, except for some comments on schema.maybe() usage that should be changed.

Thanks for making the name changes I suggested in a previous review!

export const CommentSchema = schema.object({
commentId: schema.string(),
comment: schema.string(),
version: schema.maybe(schema.string()),
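Review bot: `commentId` and `comment` are declared as bare `schema.string()`, so the executor accepts empty and arbitrarily long values and passes them on to the external service when `pushToService` runs. Consider bounding them in the schema, for example `schema.string({ minLength: 1 })` for `commentId`, so malformed input is rejected with a validation error before any outbound request is made.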
Member

You should be using schema.nullable() here instead of schema.maybe(). Otherwise, if the field is set at some point, and then you'd like to "null it out", there's no way to do that, as the updates we make to the SO are partial updates, so the effect would be that the field is unchanged.

There are a couple of other references to schema.maybe() in here as well.

I'll note that it's unwieldy to use the TS types generated from schema.nullable() to generate "writable" data structures in code, as TS will require the fields to be set to undefined or null - you can't simply just not set the field. But I believe that's true for schema.maybe() as well, and in general, using the TS types generated from schema to use with programmatically built data structures is ... can be a bit painful.

Member Author

You are right about nullable. I do not know why we started with undefined. The UI sent null for non-used values. Thanks a lot for catching this.
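
The difference between the two validators discussed in this review thread, as an added TypeScript sketch that is not code from this PR or from Kibana. `maybeString` and `nullableString` are hypothetical stand-ins for `schema.maybe(schema.string())` and `schema.nullable(schema.string())`, and the partial update is modelled, as an assumption, as a JSON round-trip followed by a shallow merge.

```typescript
// Added illustration: simplified model, not Kibana or @kbn/config-schema code.
type Attrs = Record<string, unknown>;

// Assumed model of a partial saved-object update: the update travels as JSON,
// so keys whose value is undefined are dropped, then the rest is merged.
function partialUpdate(stored: Attrs, update: Attrs): Attrs {
  const onTheWire = JSON.parse(JSON.stringify(update)) as Attrs;
  return { ...stored, ...onTheWire };
}

// Hypothetical stand-in for schema.maybe(schema.string()): string or undefined.
function maybeString(v: unknown): string | undefined {
  if (v === undefined) return undefined;
  if (typeof v === 'string') return v;
  throw new Error('expected string or undefined');
}

// Hypothetical stand-in for schema.nullable(schema.string()): string or null.
function nullableString(v: unknown): string | null {
  if (v === null) return null;
  if (typeof v === 'string') return v;
  throw new Error('expected string or null');
}

// Constructed sample: a stored comment using the values from the payload above.
const storedComment: Attrs = {
  commentId: 'b5b4c4d0-574e-11ea-9e2e-21b90f8a9631',
  comment: 'A comment',
  version: 'WzU3LDFd',
};

// With maybe(), the only "empty" value is undefined, which never reaches storage.
function clearWithMaybe(): Attrs {
  return partialUpdate(storedComment, { version: maybeString(undefined) });
}

// With nullable(), null is a real JSON value and overwrites the stored field.
function clearWithNullable(): Attrs {
  return partialUpdate(storedComment, { version: nullableString(null) });
}

// maybe() also refuses the null a client sends for an unused field.
function maybeRejectsNull(): boolean {
  try {
    maybeString(null);
    return false;
  } catch {
    return true;
  }
}
```

`clearWithMaybe().version` is still `'WzU3LDFd'`, while `clearWithNullable().version` is `null`.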


export const UserSchema = schema.object({
fullName: schema.oneOf([schema.nullable(schema.string()), schema.maybe(schema.string())]),
username: schema.oneOf([schema.nullable(schema.string()), schema.maybe(schema.string())]),
Member

I made a note about the use of schema.maybe() in another comment, but this one seems ... more interesting. I think technically you can just use fullName: schema.nullable(schema.string()), but am curious if you had to do it this way for some other reason. Even for cases like MappingActionType above, I've instead sometimes just set the schema to a string, and validated the fixed set of literals in a custom validator, to produce a better error message for validation.

Probably worthwhile noting that the validation error messages produced from schema.oneOf() are quite verbose, and can be a little confusing.

Member Author

Not a good reason for that either. Probably I did it to match fullname: string | undefined | null. You are right, no need for that.

About schema.oneOf you are right. It's quite verbose and difficult to catch. I tried to use the validate function but there was a bug (#64906). I would follow your advice and create a custom validator to produce better error messages for our schema in another PR.

Member

@pmuellr pmuellr left a comment

realized in my previous review I just "commented", should have "approved". But see #63450 (comment) regarding schema changes.

@cnasikas
Member Author

cnasikas commented Apr 30, 2020

realized in my previous review I just "commented", should have "approved". But see #63450 (comment) regarding schema changes.

I saw your previous comments and made the appropriate changes. Thank you, I learned a lot!

@cnasikas cnasikas merged commit 47b8ba5 into elastic:master Apr 30, 2020
@cnasikas cnasikas deleted the refactor_connectors branch April 30, 2020 21:20
cnasikas added a commit to cnasikas/kibana that referenced this pull request Apr 30, 2020
@cnasikas cnasikas added release_note:plugin_api_changes Contains a Plugin API changes section for the breaking plugin API changes section. and removed release_note:enhancement release_note:breaking labels Jun 9, 2020
@MindyRS MindyRS added the Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. label Sep 23, 2021
@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

Labels
enhancement New value added to drive a business result release_note:enhancement release_note:plugin_api_changes Contains a Plugin API changes section for the breaking plugin API changes section. Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:SIEM v7.8.0 v8.0.0