[Security Solution] Use CellActions registry in Discover data grid #157201
Conversation
…/semd/kibana into poc_discover_custom_cell_actions
|
Pinging @elastic/security-threat-hunting (Team:Threat Hunting) |
|
@elasticmachine merge upstream |
There was a problem hiding this comment.
I think extending the cell actions of Discover data grid makes much sense 👍
We will have a closer look at it next week. Playing with it, I have an initial question. When I add something to a timeline, what does it mean in this cases? I've created a custom dashboard showing e-commerce orders, I've added some of the values to a timeline. Now those values are visible in the query builder, but that's it. Since the data view Alerts is selected, there are no entries visible in the table. I guess it's expected. But as a newbie user more familiar with Discover / Dashboards it's not 100% clear what add to "Add to timeline" means in this case
src/plugins/discover/public/application/context/context_app_content.test.tsx
Outdated
Show resolved
Hide resolved
src/plugins/discover/public/components/discover_grid/discover_grid.tsx
Outdated
Show resolved
Hide resolved
Hi @kertal |
@semd Thx, this makes sense. Quick follow up, what's the quickest way to generate test data for the security related data? 
|
|
@kertal What I usually do to generate some alerts data locally is executing the test generator with: And then create a new rule in the UI (/app/security/rules/create) that takes everything |
@semd thx, now it makes much more sense for me, and looking at it, I think we should align styling and wording, here's a screen to compare 
|
|
Hey team! As Sergi mentioned, I am taking it over from here. First of all, thank you for helping us improve CellActions ❤️ I pushed code with KBN types allowlist. We are only going to display @davismcphee I tried to reproduce the response field bug step-by-step, but it works for me. I suspect that a previous change fixed it. Could you try to reproduce it one more time with the current changes? Jun-20-2023.15-23-26.mp4 |
There was a problem hiding this comment.
Hi @machadoum,
Thanks for continuing the work and planning on extending cell actions package with more types!
| () => | ||
| cellActionsTriggerId && !isPlainRecord | ||
| ? visibleColumns.map((columnName) => { | ||
| const field = dataView.getFieldByName(columnName)?.spec; |
There was a problem hiding this comment.
Can be simplified. Also mock changes might be unnecessary.
| const field = dataView.getFieldByName(columnName)?.spec; | |
| const field = dataView.getFieldByName(columnName); |
| if ( | ||
| !field?.type || | ||
| !SUPPORTED_CELL_ACTIONS_TYPES.includes(field.type as KBN_FIELD_TYPES) | ||
| ) { |
There was a problem hiding this comment.
This logic could be probably extracted into a function inside @kbn/cell-actions package: for example, isSupportedByCellActions(field).
There was a problem hiding this comment.
Would be great to cover it with tests.
src/plugins/discover/public/components/discover_grid/discover_grid_cell_actions.tsx
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
@machadoum Thanks for the updates, the allowlist change looks good to me! Overall this PR seems just about ready to merge, except I'm still encountering the issue with adding saved searches containing a flattened field to a Dashboard.
Here's a quick video of what I'm doing from start to finish to reproduce the issue: https://github.com/elastic/kibana/assets/25592674/5904ba82-f015-4263-98f3-e02da83ff696
@davismcphee I tried to reproduce the response field bug step-by-step, but it works for me. I suspect that a previous change fixed it. Could you try to reproduce it one more time with the current changes?
I'm now thinking this might just be a misunderstanding on my part and maybe this is expected. I notice in your video there's a search bar above the dashboard, but I'm not seeing one when I view my dashboard, which probably explains why clicking the filter actions don't do anything for me:
This one is less of a concern for me anyway since it doesn't have an impact outside of Security, so I'd be happy to merge with the current behaviour if it's working as expected for your team. The only thing left I'd like to make sure we figure out before I approve is the blank saved search panel since it impacts any dashboard configured this way.
|
Hey @davismcphee! [edited] [edited2] The search bar doesn't show up when you don't have security solution indices. That explains the mystery. But it is a weird scenario, I will double-check with the team. |
There was a problem hiding this comment.
I tested with the latest changes and the blank panel issue is fixed! Also thanks for adding those tests to help prevent it in the future. I'm glad you were able to get to the bottom of the missing search bar, I'll leave it to you to decide if that's something you need to address in this PR or not. Thanks for all the work on this, LGTM 👍
af336de to
680ba4d
Compare
|
@elasticmachine merge upstream |
8743a60 to
74767dd
Compare
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]Module Count
Public APIs missing comments
Async chunks
Page load bundle
Unknown metric groupsAPI count
ESLint disabled line counts
Total ESLint disabled count
History
To update your PR or re-run it, just comment with: cc @machadoum @semd |
…ctions (#160095) ## Summary Add support for `Boolean` and `Number` types to CellActions and update Security Actions accordingly. It also fixes the copy-to-clipboard action for fields of the type number (`process.parent.pid`). issue: #159298 - [x] Remove discover fields value casting if it gets merged after the [discover PR](#157201) ### How to test it? The quickest way is to find an alert field that is a boolean or number on the alerts page and check if security solution actions still work. But all boolean fields that I tested are actually strings. 🤷 Alternatively, you could render the `<SecurityCellActions />` with fake data (boolean and number). ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Summary
closes: #157191
Enables Discover DataGrid to use registered cell actions instead of the default static actions.
New
cellActionsTriggerIdpropThis PR introduces a new
cellActionsTriggerIdoptional prop in the DataGrid component:kibana/src/plugins/discover/public/components/discover_grid/discover_grid.tsx
Lines 198 to 201 in 98c210f
When this prop is defined, the component queries the trigger's registry to retrieve the cellActions attached to it, using the CellActions package'
useDataGridColumnsCellActionshook. This hook returns the cellActions array ready to be passed for each column to the EuiDataGrid component.When (non-empty) actions are found in the registry, they are used, replacing all of the default static Discover actions. Otherwise, the default cell actions are used.
This new prop also allows other instances of the Discover DataGrid to be configured with custom cell actions, which will probably be needed by Security Timeline integration with Discover.
New
SEARCH_EMBEDDABLE_CELL_ACTIONS_TRIGGERTriggerAlong with the new
cellActionsTriggerIdprop the plugin also registers a new trigger for "saved search" embeddable:kibana/src/plugins/discover/public/plugin.tsx
Line 387 in 055750c
And it gets passed to the DataGrid component on the Embeddable creation:
kibana/src/plugins/discover/public/embeddable/saved_search_embeddable.tsx
Line 403 in 055750c
Having this new trigger available allows solutions to attach custom actions to it, in order to be displayed in the saved search embeddables. Each action will be able to implement its
isCompatiblecheck to determine if they are going to be displayed in the embedded saved search DataGrid field, or not. If no compatible actions are found, DataGrid will render the default static actions.ℹ️ In this implementation, the actions registered to this new "embeddable trigger" need to check if they are being rendered inside Security using the
isCompatiblefunction, to prevent them from being displayed in other solutions, resulting in a non-optimal architecture. This approach was needed since there's no plausible way to pass thecellActionsTriggerIdproperty from the Dashboard Renderer used in Security, all the way down to the specific Discover "saved search" embeddable. However, the Dashboards team is planning to enable us to pass options to nested embeddables using a registry (#148933). When this new tool is available we will be able to delegate the trigger registering to Security and configure the "saved search" embeddables to use it. Therefore, the trigger will only be used by Security, so we won't have to worry about Security actions being rendered outside Security.Videos
before:
regular_discover_actions.mov
after:
custom_discover_actions.mov