[Security Solution] Implement rule type diff algorithm

xcrzx commented 1 month ago

Epics: https://github.com/elastic/security-team/issues/1974 (internal), https://github.com/elastic/kibana/issues/174168 Related to: https://github.com/elastic/kibana/issues/180395

Summary

Implement an algorithm for diffing the type field of detection rules. Requirements:

The algorithm should always return the target version as the merged one.
Any change to the rule type (i.e. current version != target version) should yield an unsolvable conflict.
In the upgrade/_review API response such rules should be marked as having unsolvable conflicts.
Users should not be able to upgrade the type to any version other than the target. This should be implemented under the hood in the upgrade/_perform endpoint in https://github.com/elastic/kibana/issues/166376. The type field shouldn't be part of upgradeable fields that can be passed in the request body -- FYI @jpdjere

Context from the Rule Customization RFC:

[ ] Step 1 (separate PR)
- [ ] Implement the algorithm and cover it with unit tests
[ ] Step 2 (separate PR)
- [ ] Apply the algorithm to the type field. It will become used in the upgrade/_review endpoint.
- [ ] Write a test plan covering rule upgrade scenarios for rule type updates.
- [ ] Add test coverage according to the test plan.

elasticmachine commented 1 month ago

Pinging @elastic/security-solution (Team: SecuritySolution)

elasticmachine commented 1 month ago

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)

elasticmachine commented 1 month ago

Pinging @elastic/security-detections-response (Team:Detections and Resp)