From 09feaf416f986b239b8e8ad95ecdda0f9d56ebec Mon Sep 17 00:00:00 2001
From: Tomasz Ciecierski
Date: Fri, 10 Nov 2023 20:15:24 +0100
Subject: [PATCH] [8.11] [EDR Workflows] Fix wrong sort value in live query results (#169248) (#171044)
# Backport
This will backport the following commits from `main` to `8.11`:
 - [[EDR Workflows] Fix wrong sort value in live query results (#169248)](https://github.com/elastic/kibana/pull/169248)
### Questions ?
Please refer to the [Backport tool documentation](https://github.com/sqren/backport)
---
 .../get_live_query_results_route.ts | 3 +-
 .../cypress/e2e/api/live_query_results.cy.ts | 49 +++++++++++++++++++
 .../get_live_query_results_route.ts | 16 +++---
 3 files changed, 61 insertions(+), 7 deletions(-)
 create mode 100644 x-pack/plugins/osquery/cypress/e2e/api/live_query_results.cy.ts
diff --git a/x-pack/plugins/osquery/common/api/live_query/get_live_query_results_route.ts b/x-pack/plugins/osquery/common/api/live_query/get_live_query_results_route.ts
index ce09004ddb58f..32382e3a4312a 100644
--- a/x-pack/plugins/osquery/common/api/live_query/get_live_query_results_route.ts
+++ b/x-pack/plugins/osquery/common/api/live_query/get_live_query_results_route.ts
@@ -7,13 +7,14 @@
 import * as t from 'io-ts';
 import { toNumberRt } from '@kbn/io-ts-utils';
+import { Direction } from '../../search_strategy';
 export const getLiveQueryResultsRequestQuerySchema = t.type({
 kuery: t.union([t.string, t.undefined]),
 page: t.union([toNumberRt, t.undefined]),
 pageSize: t.union([toNumberRt, t.undefined]),
 sort: t.union([t.string, t.undefined]),
- sortOrder: t.union([t.union([t.literal('asc'), t.literal('desc')]), t.undefined]),
+ sortOrder: t.union([t.literal(Direction.asc), t.literal(Direction.desc), t.undefined]),
 });
 export type GetLiveQueryResultsRequestQuerySchema = t.OutputOf<
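Review bot: The `sortOrder` codec now takes its accepted wire values from `Direction` in `../../search_strategy`, which this hunk does not show, so the request contract of this route follows any later change to that enum without this file being touched. A comment above the field would make the dependency visible, for example `// wire values come from Direction (presumably still 'asc' | 'desc'); changing the enum changes this API`. The neighbouring `sort` field still accepts any string. Whether that value is checked against a known set of result fields before it reaches the search request cannot be told from this hunk and is worth confirming in the route handler.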
diff --git a/x-pack/plugins/osquery/cypress/e2e/api/live_query_results.cy.ts b/x-pack/plugins/osquery/cypress/e2e/api/live_query_results.cy.ts
new file mode 100644
index 0000000000000..1c2f1b75a92a7
--- /dev/null
+++ b/x-pack/plugins/osquery/cypress/e2e/api/live_query_results.cy.ts
@@ -0,0 +1,49 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { request } from '../../tasks/common';
+import { loadLiveQuery } from '../../tasks/api_fixtures';
+import { API_VERSIONS } from '../../../common/constants';
+import { ServerlessRoleName } from '../../support/roles';
+
+describe('Live query', { tags: ['@ess', '@serverless'] }, () => {
+ let liveQueryId: string;
+ let queriesQueryActionId: string;
+
+ beforeEach(() => {
+ cy.login(ServerlessRoleName.SOC_MANAGER);
+ loadLiveQuery().then((liveQuery) => {
+ liveQueryId = liveQuery.action_id;
+ queriesQueryActionId = liveQuery.queries?.[0].action_id;
+ });
+ });
+
+ context('GET getLiveQueryDetailsRoute', () => {
+ it('validates we get successful response', () => {
+ request({
+ url: `/api/osquery/live_queries/${liveQueryId}`,
+ headers: {
+ 'Elastic-Api-Version': API_VERSIONS.public.v1,
+ },
+ }).then((response) => {
+ expect(response.status).to.eq(200);
+ });
+ });
+ });
+ context('GET getLiveQueryResultsRoute', () => {
+ it('validates we get successful response', () => {
+ request({
+ url: `/api/osquery/live_queries/${liveQueryId}/results/${queriesQueryActionId}`,
+ headers: {
+ 'Elastic-Api-Version': API_VERSIONS.public.v1,
+ },
+ }).then((response) => {
+ expect(response.status).to.eq(200);
+ });
+ });
+ });
+});
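Review bot: The new `GET getLiveQueryResultsRoute` case requests `/results/${queriesQueryActionId}` with no `sort` or `sortOrder` query parameter, so no explicit sort direction ever passes through the request schema this commit changes. Add a case whose URL ends in `?sortOrder=desc` and expects 200. If the `request` helper lets a non-2xx response through, also add one with an unsupported `sortOrder` value that asserts the request is rejected. Separately, `liveQuery.queries?.[0].action_id` can evaluate to `undefined`, which would be interpolated into the URL as the text `undefined`; an `expect(queriesQueryActionId).to.be.a('string');` inside the `loadLiveQuery().then(...)` callback would fail early with a clearer message.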
diff --git a/x-pack/plugins/osquery/server/routes/live_query/get_live_query_results_route.ts b/x-pack/plugins/osquery/server/routes/live_query/get_live_query_results_route.ts index a1154b3b8c0d2..d73b44a794345 100644 --- a/x-pack/plugins/osquery/server/routes/live_query/get_live_query_results_route.ts +++ b/x-pack/plugins/osquery/server/routes/live_query/get_live_query_results_route.ts @@ -20,8 +20,10 @@ import { PLUGIN_ID } from '../../../common'; import type { ActionDetailsRequestOptions, ActionDetailsStrategyResponse, + ResultsRequestOptions, + ResultsStrategyResponse, } from '../../../common/search_strategy'; -import { OsqueryQueries } from '../../../common/search_strategy'; +import { Direction, OsqueryQueries } from '../../../common/search_strategy'; import { generateTablePaginationOptions } from '../../../common/utils/build_query'; import { getActionResponses } from './utils'; import { @@ -79,7 +81,7 @@ export const getLiveQueryResultsRoute = (router: IRouter( + search.search( { actionId: request.params.actionId, factoryQueryType: OsqueryQueries.results, @@ -88,10 +90,12 @@ export const getLiveQueryResultsRoute = (router: IRouter