EMT-661: use new metadata current

x-pack/plugins/security_solution/common/endpoint/constants.ts

@@ -7,6 +7,7 @@
 export const eventsIndexPattern = 'logs-endpoint.events.*';
 export const alertsIndexPattern = 'logs-endpoint.alerts-*';
 export const metadataIndexPattern = 'metrics-endpoint.metadata-*';
+export const metadataCurrentIndexPattern = 'metrics-endpoint.metadata_current-*';
 export const policyIndexPattern = 'metrics-endpoint.policy-*';
 export const telemetryIndexPattern = 'metrics-endpoint.telemetry-*';
 export const LIMITED_CONCURRENCY_ENDPOINT_ROUTE_TAG = 'endpoint:limited-concurrency';

x-pack/plugins/security_solution/common/endpoint/types.ts

@@ -442,6 +442,13 @@ export type HostInfo = Immutable<{
   host_status: HostStatus;
 }>;
 
+export type HostMetadataDetails = Immutable<{
+  agent: {
+    id: string;
+  };
+  HostDetails: HostMetadata;
+}>;
+
 export type HostMetadata = Immutable<{
   '@timestamp': number;
   event: {

x-pack/plugins/security_solution/server/endpoint/routes/metadata/index.ts

@@ -9,11 +9,12 @@ import { SearchResponse } from 'elasticsearch';
 import { schema } from '@kbn/config-schema';
 import Boom from 'boom';
 
-import { metadataIndexPattern } from '../../../../common/endpoint/constants';
+import { metadataCurrentIndexPattern } from '../../../../common/endpoint/constants';
 import { getESQueryHostMetadataByID, kibanaRequestToMetadataListESQuery } from './query_builders';
 import {
   HostInfo,
   HostMetadata,
+  HostMetadataDetails,
   HostResultList,
   HostStatus,
 } from '../../../../common/endpoint/types';
@@ -23,10 +24,6 @@ import { Agent, AgentStatus } from '../../../../../ingest_manager/common/types/m
 import { findAllUnenrolledAgentIds } from './support/unenroll';
 import { findAgentIDsByStatus } from './support/agent_status';
 
-interface HitSource {
-  _source: HostMetadata;
-}
-
 interface MetadataRequestContext {
   agentService: AgentService;
   logger: Logger;
@@ -127,7 +124,7 @@ export function registerEndpointRoutes(router: IRouter, endpointAppContext: Endp
         const queryParams = await kibanaRequestToMetadataListESQuery(
           req,
           endpointAppContext,
-          metadataIndexPattern,
+          metadataCurrentIndexPattern,
           {
             unenrolledAgentIds: unenrolledAgentIds.concat(IGNORED_ELASTIC_AGENT_IDS),
             statusAgentIDs: statusIDs,
@@ -137,7 +134,7 @@ export function registerEndpointRoutes(router: IRouter, endpointAppContext: Endp
         const response = (await context.core.elasticsearch.legacy.client.callAsCurrentUser(
           'search',
           queryParams
-        )) as SearchResponse<HostMetadata>;
+        )) as SearchResponse<HostMetadataDetails>;
 
         return res.ok({
           body: await mapToHostResultList(queryParams, response, metadataRequestContext),
@@ -193,17 +190,17 @@ export async function getHostData(
   metadataRequestContext: MetadataRequestContext,
   id: string
 ): Promise<HostInfo | undefined> {
-  const query = getESQueryHostMetadataByID(id, metadataIndexPattern);
+  const query = getESQueryHostMetadataByID(id, metadataCurrentIndexPattern);
   const response = (await metadataRequestContext.requestHandlerContext.core.elasticsearch.legacy.client.callAsCurrentUser(
     'search',
     query
-  )) as SearchResponse<HostMetadata>;
+  )) as SearchResponse<HostMetadataDetails>;
 
   if (response.hits.hits.length === 0) {
     return undefined;
   }
 
-  const hostMetadata: HostMetadata = response.hits.hits[0]._source;
+  const hostMetadata: HostMetadata = response.hits.hits[0]._source.HostDetails;
   const agent = await findAgent(metadataRequestContext, hostMetadata);
 
   if (agent && !agent.active) {
@@ -241,19 +238,19 @@ async function findAgent(
 async function mapToHostResultList(
   // eslint-disable-next-line @typescript-eslint/no-explicit-any
   queryParams: Record<string, any>,
-  searchResponse: SearchResponse<HostMetadata>,
+  searchResponse: SearchResponse<HostMetadataDetails>,
   metadataRequestContext: MetadataRequestContext
 ): Promise<HostResultList> {
-  const totalNumberOfHosts = searchResponse?.aggregations?.total?.value || 0;
+  const totalNumberOfHosts =
+    ((searchResponse.hits?.total as unknown) as { value: number; relation: string }).value || 0;
   if (searchResponse.hits.hits.length > 0) {
     return {
       request_page_size: queryParams.size,
       request_page_index: queryParams.from,
       hosts: await Promise.all(
-        searchResponse.hits.hits
-          .map((response) => response.inner_hits.most_recent.hits.hits)
-          .flatMap((data) => data as HitSource)
-          .map(async (entry) => enrichHostMetadata(entry._source, metadataRequestContext))
+        searchResponse.hits.hits.map(async (entry) =>
+          enrichHostMetadata(entry._source.HostDetails, metadataRequestContext)
+        )
       ),
       total: totalNumberOfHosts,
     };

x-pack/plugins/security_solution/server/endpoint/routes/metadata/metadata.test.ts

@@ -23,6 +23,7 @@ import {
 import {
   HostInfo,
   HostMetadata,
+  HostMetadataDetails,
   HostResultList,
   HostStatus,
 } from '../../../../common/endpoint/types';
@@ -141,7 +142,7 @@ describe('test endpoint route', () => {
       bool: {
         must_not: {
           terms: {
-            'elastic.agent.id': [
+            'HostDetails.elastic.agent.id': [
               '00000000-0000-0000-0000-000000000000',
               '11111111-1111-1111-1111-111111111111',
             ],
@@ -197,7 +198,7 @@ describe('test endpoint route', () => {
             bool: {
               must_not: {
                 terms: {
-                  'elastic.agent.id': [
+                  'HostDetails.elastic.agent.id': [
                     '00000000-0000-0000-0000-000000000000',
                     '11111111-1111-1111-1111-111111111111',
                   ],
@@ -442,7 +443,7 @@ describe('Filters Schema Test', () => {
   });
 });
 
-function createSearchResponse(hostMetadata?: HostMetadata): SearchResponse<HostMetadata> {
+function createSearchResponse(hostMetadata?: HostMetadata): SearchResponse<HostMetadataDetails> {
   return ({
     took: 15,
     timed_out: false,
@@ -454,7 +455,7 @@ function createSearchResponse(hostMetadata?: HostMetadata): SearchResponse<HostM
     },
     hits: {
       total: {
-        value: 5,
+        value: 1,
         relation: 'eq',
       },
       max_score: null,
@@ -464,36 +465,18 @@ function createSearchResponse(hostMetadata?: HostMetadata): SearchResponse<HostM
               _index: 'metrics-endpoint.metadata-default',
               _id: '8FhM0HEBYyRTvb6lOQnw',
               _score: null,
-              _source: hostMetadata,
-              sort: [1588337587997],
-              inner_hits: {
-                most_recent: {
-                  hits: {
-                    total: {
-                      value: 2,
-                      relation: 'eq',
-                    },
-                    max_score: null,
-                    hits: [
-                      {
-                        _index: 'metrics-endpoint.metadata-default',
-                        _id: 'W6Vo1G8BYQH1gtPUgYkC',
-                        _score: null,
-                        _source: hostMetadata,
-                        sort: [1579816615336],
-                      },
-                    ],
-                  },
+              _source: {
+                agent: {
+                  id: '1e3472bb-5c20-4946-b469-b5af1a809e4f',
+                },
+                HostDetails: {
+                  ...hostMetadata,
                 },
               },
+              sort: [1588337587997],
             },
           ]
         : [],
     },
-    aggregations: {
-      total: {
-        value: 1,
-      },
-    },
-  } as unknown) as SearchResponse<HostMetadata>;
+  } as unknown) as SearchResponse<HostMetadataDetails>;
 }