elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

[Security Solution] Replace PATCH logic with PUT when upgrading rules #180195

Open jpdjere opened 5 months ago

jpdjere commented 5 months ago

Epics: https://github.com/elastic/security-team/issues/1974 (internal), https://github.com/elastic/kibana/issues/174168

🚧 Ticket under construction 🚧

Summary

Replace PATCH logic with PUT when upgrading rules. In x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/logic/detection_rules_client/methods/upgrade_prebuilt_rule.ts, update:

  const patchedRule = await applyRulePatch({
    prebuiltRuleAssetClient,
    existingRule,
    rulePatch: ruleAsset,
  });

to be:

  const updatedRule = await applyRuleUpdate({
    prebuiltRuleAssetClient,
    existingRule,
    ruleUpdate: ruleAsset,
  });

This will prevent us from introducing a bug once we ship prebuilt rules customization. The bug would be: if Elastic reverted a rule field to become empty/undefined in the next target version, the PATCH call would not update this field as expected, because PATCH cannot reset a field to undefined. The PUT call doesn't have this flaw. Moreover, in an upgrade workflow all rule fields are known beforehand, so PUT is the right semantics for it. We've already changed PATCH to PUT in the import workflow, which is very similar to upgrade.
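
The difference described in the issue above, as an added illustration that is not part of the original issue or of Kibana's code. The simplified rule shape, the functions `patchRule`, `putRule` and `staleFields`, and the sample rule data are all hypothetical and constructed for this example; it shows a field dropped in the target version surviving a PATCH-style upgrade and being cleared by a PUT-style one.

```typescript
// Simplified, hypothetical rule shape; Kibana's real rule schema has many more fields.
type RuleContent = {
  name: string;
  query: string;
  version: number;
  note?: string | undefined;
  timestamp_override?: string | undefined;
};
type StoredRule = RuleContent & { id: string };

// PATCH semantics: a field left undefined in the patch keeps its existing value.
function patchRule(existing: StoredRule, patch: Partial<RuleContent>): StoredRule {
  return {
    id: existing.id,
    name: patch.name ?? existing.name,
    query: patch.query ?? existing.query,
    version: patch.version ?? existing.version,
    note: patch.note ?? existing.note,
    timestamp_override: patch.timestamp_override ?? existing.timestamp_override,
  };
}

// PUT semantics: the target replaces all content; only the identity is kept (assumption).
function putRule(existing: StoredRule, target: RuleContent): StoredRule {
  return { ...target, id: existing.id };
}

// Post-upgrade check: optional fields the target leaves unset but the stored rule still carries.
function staleFields(stored: StoredRule, target: RuleContent): string[] {
  const optional: Array<"note" | "timestamp_override"> = ["note", "timestamp_override"];
  return optional.filter((f) => target[f] === undefined && stored[f] !== undefined);
}

// Constructed sample data: version 2 of the rule asset drops timestamp_override.
const installed: StoredRule = {
  id: "rule-1", name: "Suspicious process", query: "process.name : foo", version: 1,
  note: "Triage steps", timestamp_override: "event.ingested",
};
const targetV2: RuleContent = {
  name: "Suspicious process", query: "process.name : foo", version: 2, note: "Triage steps",
};

const afterPatch = patchRule(installed, targetV2);
const afterPut = putRule(installed, targetV2);
console.log("stale after PATCH:", staleFields(afterPatch, targetV2));
console.log("stale after PUT:", staleFields(afterPut, targetV2));
```

A check like `staleFields` can be run after an upgrade to confirm that the installed rule no longer carries optional fields the target version has removed.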

elasticmachine commented 5 months ago

Pinging @elastic/security-detections-response (Team:Detections and Resp)

elasticmachine commented 5 months ago

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)

elasticmachine commented 5 months ago

Pinging @elastic/security-solution (Team: SecuritySolution)