-
Notifications
You must be signed in to change notification settings - Fork 8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security Solution] Add missing Exceptions API OpenAPI specifications #185951
base: main
Are you sure you want to change the base?
Conversation
22d2fc8
to
61ad063
Compare
d4d7cd8
to
09f4a03
Compare
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
Pinging @elastic/security-solution (Team: SecuritySolution) |
Pinging @elastic/security-detection-engine (Team:Detection Engine) |
aeb4a00
to
d51ce47
Compare
4de0de3
to
632c69a
Compare
Files by Code Ownerelastic/kibana-operations
elastic/security-defend-workflows
elastic/security-detection-engine
elastic/security-detection-rule-management
elastic/security-solution
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changes tagged for elastic/security-defend-workflows
look good 👍
5268734
to
f64d0b8
Compare
💛 Build succeeded, but was flaky
Failed CI StepsMetrics [docs]Module Count
Public APIs missing comments
Unknown metric groupsAPI count
History
To update your PR or re-run it, just comment with: cc @maximpn |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great work! Left a few comments/questions - mostly regarding the old vs new schemas and whether we do breaking changes in some places.
export const ExceptionListTypeEnum = ExceptionListType.enum; | ||
|
||
export type ExceptionListName = z.infer<typeof ExceptionListName>; | ||
export const ExceptionListName = NonEmptyString; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Non empty string is not required by the old schema packages/kbn-securitysolution-io-ts-list-types/src/common/name/index.ts
, so this will be a breaking change.
export const name = t.string;
export type Name = t.TypeOf<typeof name>;
|
||
export type CreateExceptionListRequestBody = z.infer<typeof CreateExceptionListRequestBody>; | ||
export const CreateExceptionListRequestBody = z.object({ | ||
list_id: ExceptionListHumanId.optional(), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
According to the old schema, we would check if the input is null and create a uuid in that case, otherwise we would expect non empty string. I do not see the parity in behaviour here. Is it possible to do the same via openapi and zod?
/**
* Types the DefaultUuid as:
* - If null or undefined, then a default string uuidv4() will be
* created otherwise it will be checked just against an empty string
*/
export const DefaultUuid = new t.Type<string, string | undefined, unknown>(
'DefaultUuid',
t.string.is,
(input, context): Either<t.Errors, string> =>
input == null ? t.success(uuidv4()) : NonEmptyString.validate(input, context),
t.identity
);
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we add .default(uuidv4())
?
export const ExceptionNamespaceTypeEnum = ExceptionNamespaceType.enum; | ||
|
||
export type ExceptionListTags = z.infer<typeof ExceptionListTags>; | ||
export const ExceptionListTags = z.array(NonEmptyString); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I do not see the requirement for non empty string for this type in old version.
export const tags = DefaultStringArray;
where
export const DefaultStringArray = new t.Type<string[], string[] | undefined, unknown>(
'DefaultStringArray',
t.array(t.string).is,
(input, context): Either<t.Errors, string[]> =>
input == null ? t.success([]) : t.array(t.string).validate(input, context),
t.identity
);
export const ExceptionListOsTypeArray = z.array(ExceptionListOsType); | ||
|
||
export type ExceptionListVersion = z.infer<typeof ExceptionListVersion>; | ||
export const ExceptionListVersion = z.number().int().min(1); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In old schema we use PositiveIntegerGreaterThanZero
type for the version. Should we add check for that as well?
export type CreateExceptionListItemRequestBody = z.infer<typeof CreateExceptionListItemRequestBody>; | ||
export const CreateExceptionListItemRequestBody = z.object({ | ||
item_id: ExceptionListItemHumanId.optional(), | ||
list_id: ExceptionListHumanId, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
same as in case with exception list schema, do we need to add .default(uuidv4())
here?
- `exception-list-agnostic`: Specify an exception list that is shared across spaces. | ||
|
||
*/ | ||
filter: FindExceptionListsFilter.optional(), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
in packages/kbn-securitysolution-io-ts-list-types/src/common/filter/index.ts
non empty string for filter
is not required
/** | ||
* The page number to return | ||
*/ | ||
page: z.coerce.number().int().min(0).optional(), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
According to packages/kbn-securitysolution-io-ts-types/src/string_to_positive_number/index.ts
both page
and per_page
should be positive numbers. We use StringToPositiveNumber
type which does failure check stringAsNumber <= 0
. Can we use z.number().positive()
here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same in other files where we use these types.
/** | ||
* Determines which field is used to sort the results | ||
*/ | ||
sort_field: NonEmptyString.optional(), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Old schema does not require non empty string for sort_field
export type FindExceptionListsResponse = z.infer<typeof FindExceptionListsResponse>; | ||
export const FindExceptionListsResponse = z.object({ | ||
data: z.array(ExceptionList), | ||
page: z.number().int().min(0), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All three page
, per_page
and total
marked with // TODO: Change this out for PositiveNumber from siem
. Maybe we should add .positive()
to these types instead of .min(0)
.
} | ||
|
||
return response.ok({ body: DeleteExceptionListItemResponse.parse(deleted) }); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see that before we would return 500 error if response validation fails. Is this still the same in case of zod parse?
@maximpn do these changes require going in 8.15 or can it wait for 8.16? cc @banderror |
@yctercero We don't have to merge this before the FF - we can take our time to review this. I updated the labels. |
Resolves: #183837
Summary
This PR adds missing OpenAPI specifications for Exceptions API which are the following
POST /api/exception_lists/_export
POST /api/exception_lists/_import
POST /api/exception_lists
GET /api/exception_lists
PUT /api/exception_lists
DELETE /api/exception_lists
GET /api/exception_lists/_find
POST /api/exception_lists/_duplicate
POST /api/exception_lists/items
GET /api/exception_lists/items
PUT /api/exception_lists/items
DELETE /api/exception_lists/items
GET /api/exception_lists/items/_find
GET /api/exception_lists/summary
POST /api/exceptions/shared
POST /api/detection_engine/rules/{id}/exceptions