Open jpdjere opened 5 months ago
Pinging @elastic/security-detections-response (Team:Detections and Resp)
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)
Pinging @elastic/security-solution (Team: SecuritySolution)
Epics: https://github.com/elastic/security-team/issues/1974 (internal), https://github.com/elastic/kibana/issues/174168
🚧 Ticket under construction 🚧
Summary
Replace PATCH logic with PUT when upgrading rules in x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/upgrade_prebuilt_rule.ts, update:
to be:
This will prevent us from introducing a bug once we ship prebuilt rules customization. The bug would be: if Elastic reverted a rule field to become empty/undefined in the next target version, the PATCH call would not update this field as expected, because PATCH cannot reset a field to undefined. The PUT call doesn't have this flaw. Moreover, in an upgrade workflow all rule fields are known beforehand, so PUT is the right semantics for it. We've already changed PATCH to PUT in the import workflow, which is very similar to upgrade.
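An added example, not part of the issue and not Kibana's code: a simplified model of the upgrade showing why a field the target version leaves empty survives a PATCH-style merge but not a PUT-style replace. The rule shape, the function names (patchRule, putRule, staleFields) and the sample values are all hypothetical.

```typescript
// Simplified model of a rule upgrade; every name here is hypothetical.
interface RuleFields {
  rule_id: string;
  name: string;
  query: string;
  version: number;
  note?: string | undefined;
  timeline_id?: string | undefined;
}

// PATCH semantics: an undefined value is treated as "field not sent",
// so the stored value survives.
function patchRule(existing: RuleFields, update: Partial<RuleFields>): RuleFields {
  const result: RuleFields = { ...existing };
  for (const key of Object.keys(update) as (keyof RuleFields)[]) {
    const value = update[key];
    if (value !== undefined) Object.assign(result, { [key]: value });
  }
  return result;
}

// PUT semantics: the target replaces the stored rule; only identity is kept.
function putRule(existing: RuleFields, target: RuleFields): RuleFields {
  return { ...target, rule_id: existing.rule_id };
}

// Fields still set after the upgrade that the target version leaves empty.
function staleFields(upgraded: RuleFields, target: RuleFields): string[] {
  return (Object.keys(upgraded) as (keyof RuleFields)[])
    .filter((k) => upgraded[k] !== undefined && target[k] === undefined)
    .sort();
}

// Constructed sample data: version 2 drops both optional fields.
const installed: RuleFields = {
  rule_id: 'example-rule', name: 'Example rule', query: 'process.name:"a.exe"',
  version: 1, note: 'Investigate parent process', timeline_id: 'constructed-timeline-id',
};
const target: RuleFields = {
  rule_id: 'example-rule', name: 'Example rule', query: 'process.name:"b.exe"',
  version: 2, note: undefined,
};

console.log('PATCH leaves stale:', staleFields(patchRule(installed, target), target));
console.log('PUT leaves stale:', staleFields(putRule(installed, target), target));
```

In this model the PATCH result reports version 2 while still carrying the version 1 note and timeline reference, which is the mismatch the issue describes.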