[Cases] Allow to add additional fields to IBM resilient connector

[janmonschke]

Summary

Allows to send additional properties via the IBM resilient connector

Fixes #213890, Fixes #213896

How to test

• Set up the IBM resilient connector and enable it
• Create a new case and add {"test_text":"test"} to Additional fields
• Save the case and check that the field exists in IBM resilient
• Go back to the case in Kibana, update the additional fields, push the update and check that the new value is present in IBM resilient

(Advanced):

Try setting one of these values:

{
    "testing": "test",
    "test_text": "the text",
    "test_boolean": true,
    "test_number": 123,
    "test_date_picker": 2390748293,
    "test_date_time_picker": 2390748298,
    "test_select": 4,
    "test_multi_select": [1,3],
    "test_text_area": ""
}

Try setting test_select or test_multi_select. They are values that are validated on the server.

[elasticmachine]

Pinging @elastic/kibana-cases (Team:Cases)

[janmonschke]

@cnasikas This is needed in order to automatically transform the additionalFields string to an object that we can run validations on.

[cnasikas]

Thanks for fixing that. It makes sense to me.

[pmuellr]

Adding new parameters to a Connector typically involves creating an intermediate release, that just includes parameter schema changes. For more info: https://docs.elastic.dev/reops/developer-guide/best-practices-rules#upgrades-and-rollbacks . Note some of the docs only reference rule params, but connector params are affected here as well.

Typically folks will create a PR with JUST the schema changes, and anything else required for them, and nothing else. Get that merged, and running on Serverless. After it's running on Serverless, the rest of the PR can be merged. So there's typically ~ one week delay between these ...

[janmonschke]

@pmuellr Could you comment on the pieces of code I'd need to put into a separate PR? Is it just the changes in x-pack/platform/plugins/shared/cases/common/types/domain/connector/v1.ts?

[janmonschke]

@pmuellr looking at the slides you linked 👍 If I put the UI behind a feature flag, we should be good as well, right?

[pmuellr]

Could you comment on the pieces of code I'd need to put into a separate PR? Is it just the changes in x-pack/platform/plugins/shared/cases/common/types/domain/connector/v1.ts?

Correct. Though typically we don't modify "version" files like a v1.ts, but instead create a v2.ts. Not sure that's required in this case. @cnasikas ?

looking at the slides you linked 👍 If I put the UI behind a feature flag, we should be good as well, right?

Correct. Just more work, as you'll have to deal with the changing the feature flag in a later release to make it the default. :-)

[michaelolo24]

👌🏾 Thanks!

[michaelolo24]

👏🏾

[michaelolo24]

Really nice error messaging here to get around the multi-select expectations. Thanks!

[michaelolo24]

Just confirming this is always expected to be number and doesn't need an additional isDate() conversion/check?

[janmonschke]

Yep, this is supposed to be a number. Any other value will return a 400 from IBM Resilient

[michaelolo24]

Nice work, thank you for getting this done so promptly!

[cnasikas]

I am not sure if older versions of Resilient respond with this field. Should we make it optional (nullable) just to be safe?

[janmonschke]

Removed in 2393254

[cnasikas]

I would say not to make any assumptions about how users would put their custom fields. The IBM documentation is clear, so they should put the properties themselves. For example this is what they should put in the editor:

{
  "state":  41,
   "properties": {
       "foo": "bar"
    }
}

[janmonschke]

imo, properties is an implementation detail and not necessarily known by the people that will use Kibana cases. I can change the logic to allow arbitrary prefixes if that sounds better?

[janmonschke]

Done in 2393254 & 6dde18d

[cnasikas]

We should remove this and add [unknown: string]: unknown, correct?

[janmonschke]

Yep, done

[cnasikas]

I am a bit concerned that we validate the values. What if an existing rule starts to fail because we started validating the fields?

[janmonschke]

If an invalid value is supplied, the request to IBM will fail anyways. This is just a way to enhance the editing experience, since customers will have to add id(s) and not labels.

[cnasikas]

Are we sure that all IBM resilient versions behave the same? Maybe we can fail at everything new but not at the old/existing fields?

[janmonschke]

You mean only validate fields from the additionalFields?

[cnasikas]

I was thinking that, yes, to be sure that we do not introduce a breaking change. Maybe I am too cautious. Wdyt?

[janmonschke]

Sounds sensible to me. Mind if I do that in a follow-up PR?

[cnasikas]

Yes, ofc.

[cnasikas]

I am a bit concerned that we validate the values. What if an existing rule starts to fail because we started validating here?

[janmonschke]

If there is no metadata for that field, we cannot determine the required shape for the update request, which is why we rely on it here.

[elasticmachine]

💛 Build succeeded, but was flaky

• Buildkite Build
• Commit: e21bbc3

Failed CI Steps

• FTR Configs #16
• FTR Configs #32
• FTR Configs #99

Test Failures

• [job] [logs] FTR Configs #16 / Endpoint plugin @ess @serverless @skipInServerlessMKI test metadata apis list endpoints GET route "after all" hook for "metadata api should return all hosts when filter is empty string"
• [job] [logs] FTR Configs #32 / integrations When on the Trusted Apps list "after all" hook for "should be able to add a new trusted app and remove it"
• [job] [logs] FTR Configs #99 / security APIs - Session Idle Session Idle cleanup should properly clean up session expired because of idle timeout when providers override global session config

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id	before	after	diff
cases	1173	1174	+1
stackConnectors	368	369	+1
total			+2

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
cases	1.4MB	1.4MB	+3.0KB
stackConnectors	714.0KB	722.7KB	+8.7KB
total			+11.7KB

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id	before	after	diff
cases	140.8KB	141.0KB	+168.0B
stackConnectors	66.3KB	66.7KB	+459.0B
total			+627.0B

History

• 💚 Build #345402 succeeded b430b41
• 💔 Build #345382 failed 384bcb1
• 💔 Build #345376 failed f54740b
• 💚 Build #344881 succeeded 6178d9b
• 💔 Build #344771 failed 3317484
• 💔 Build #344669 failed 123dcf9

cc @janmonschke

[cnasikas]

LGTM! I tested and it is working as expected. My main concerns are:

• Is throwing an error by validating the fields safe? I am concern about the old fields, not the new ones. Does all IBM resilient versions behave the same? Or was a case where some version did not throw an error for the old values?
• About the custom fields and prefixing the properties, I do not think it is an implementation detail, because this is how the IBM Rest API docs tell you how to submit custom fields. Also, what if a custom field has the same key as a root field? Users will never be able to set both fields.

[cnasikas]

Could you please add some test to cover the new functionality?

[elasticmachine]

Pinging @elastic/response-ops (Team:ResponseOps)