Updates related_integrations field API docs #5183
Conversation
maximpn
added
Team: Detections/Response
|
A documentation preview will be available soon. Request a new doc build by commenting
If your PR continues to fail for an unknown reason, the doc build pipeline may be broken. Elastic employees can check the pipeline status here. |
| |related_integrations |Object[] a| Fleet integrations the rule depends on. The object has three fields: | ||
|
|
||
| * `package` (String, required): Integration package's name EPR uses | ||
| * `integration` (String, optional): Integration's name. It's optional for packages with the only one integration whose name matches package name but required for packages with multiple integrations. |
There was a problem hiding this comment.
We might want to sort these by required and optional, although this is a weird field where in some cases it's optional and in others it's not
There was a problem hiding this comment.
@dplumlee Yeah, if this was strictly optional all the time, I'd say re-order the list, but since it's a little of both it's good ordered as it is.
|
|
||
| * `package` (String, required): Integration package's name EPR uses | ||
| * `integration` (String, optional): Integration's name. It's optional for packages with the only one integration whose name matches package name but required for packages with multiple integrations. | ||
| * `version`: (String, required): Integration (package containing the integration) version constraint in https://semver.org/[semantic versioning] format. For version ranges, you must use tilde or caret syntax. For example, `~1.2.3` is from 1.2.3 to any patch version less than `1.3.0`, and `^1.2.3` is from `1.2.3`` to any minor and patch version less than `2.0.0`. |
There was a problem hiding this comment.
For example,
~1.2.3is from 1.2.3 to any patch version less than1.3.0, and^1.2.3is from1.2.3`` to any minor and patch version less than2.0.0`.
Do we want to display this example inline with the API field description itself or is there a better way to frame this (like a note or something)? @joepeeples
There was a problem hiding this comment.
I think it's OK inline as is. I tinkered with a note or new paragraph on my local build, but it looked kinda disruptive.
|
This pull request is now in conflicts. Could you fix it @maximpn? 🙏 |
There was a problem hiding this comment.
Thanks @maximpn for creating these updates! Added a few suggestions and comments. I'm not sure what's causing the conflicts in the PR but will look at that next.
| @@ -380,6 +380,12 @@ Required when `actions` are used to send notifications. | |||
|
|
|||
| * `field_names`: String[] , required | |||
|
|
|||
| |related_integrations |Object[] a| Fleet integrations the rule depends on. The object has three fields: | |||
There was a problem hiding this comment.
| |related_integrations |Object[] a| Fleet integrations the rule depends on. The object has three fields: | |
| |related_integrations |Object[] a| {integrations-docs}[Elastic integrations] the rule depends on. The object has these fields: |
There was a problem hiding this comment.
It seems vscode doesn't properly parse integrations-docs link and shows it as is. Is there a way to verify it locally?
There was a problem hiding this comment.
@maximpn you can build the Security docs locally if you also have elastic/docs cloned on your machine. Run the command line build alias docbldsec --open to build the Security docs, and they'll open in a browser.
That can be a bit involved, so the PR preview from CI is another way to verify. I checked and the link resolves correctly.
| @@ -380,6 +380,12 @@ Required when `actions` are used to send notifications. | |||
|
|
|||
| * `field_names`: String[] , required | |||
|
|
|||
| |related_integrations |Object[] a| Fleet integrations the rule depends on. The object has three fields: | |||
|
|
|||
| * `package` (String, required): Integration package's name EPR uses | |||
There was a problem hiding this comment.
Some users might not know what EPR stands for, or maybe they're unfamiliar with Elastic Package Registry in general. I'm also wondering how they'd find out what a given package's name is; maybe we can add a link to help them find the integration/packages they're trying to add?
I tried looking for a list in elastic/package-registry but didn't find anything. Maybe elastic/integrations/tree/main/packages?
There was a problem hiding this comment.
I don't think we have package name documented somewhere. For example this page shows integrations list. Package's name as well as integration's name are in fact identifies and hidden from users. UI fetches integrations list from EPR (of course not directly but via Fleet) and uses that ids for API requests. To be 100% sure about id correctness users should use EPR. EPR allows to search for a package while the package contains integrations. After that package or integration ids can be saved since these a stable.
@joepeeples what do you think the best approach to describe it?
There was a problem hiding this comment.
@maximpn Simpler is probably better; we can link users to the EPR repo, which documents the API requests that can help them search for the right packages and integrations.
| * `package` (String, required): Integration package's name EPR uses | |
| * `package` (String, required): The integration package's name, as used by the https://github.com/elastic/package-registry[Elastic Package Registry]. |
| |related_integrations |Object[] a| Fleet integrations the rule depends on. The object has three fields: | ||
|
|
||
| * `package` (String, required): Integration package's name EPR uses | ||
| * `integration` (String, optional): Integration's name. It's optional for packages with the only one integration whose name matches package name but required for packages with multiple integrations. |
There was a problem hiding this comment.
| * `integration` (String, optional): Integration's name. It's optional for packages with the only one integration whose name matches package name but required for packages with multiple integrations. | |
| * `integration` (String, optional): The integration's name. This field is optional for packages with only one integration whose name matches the package name, but it's required for packages with multiple integrations. |
| @@ -278,6 +278,12 @@ rule's version number is incremented by 1. | |||
| `PATCH` calls enabling and disabling the rule do not increment its version | |||
| number. | |||
|
|
|||
| |related_integrations |Object[] a| Fleet integrations the rule depends on. The object has three fields: | |||
There was a problem hiding this comment.
| |related_integrations |Object[] a| Fleet integrations the rule depends on. The object has three fields: | |
| |related_integrations |Object[] a| {integrations-docs}[Elastic integrations] the rule depends on. The object has these fields: |
| |related_integrations |Object[] a| Fleet integrations the rule depends on. The object has three fields: | ||
|
|
||
| * `package` (String, required): Integration package's name EPR uses | ||
| * `integration` (String, optional): Integration's name. It's optional for packages with the only one integration whose name matches package name but required for packages with multiple integrations. |
There was a problem hiding this comment.
| * `integration` (String, optional): Integration's name. It's optional for packages with the only one integration whose name matches package name but required for packages with multiple integrations. | |
| * `integration` (String, optional): The integration's name. This field is optional for packages with only one integration whose name matches the package name, but it's required for packages with multiple integrations. |
|
This pull request is now in conflicts. Could you fix it @maximpn? 🙏 |
maximpn
force-pushed
the
allow-editing-related-integrations
branch
from
acff659
to
e8dbbbb
Compare
|
Hi @joepeeples, I've updated the PR according to your comments. The last this left is to describe how to get a package name and a link to EPR documentation. Check my comment above. |
| @@ -286,6 +286,12 @@ rule's version number is incremented by 1. | |||
| `PATCH` calls enabling and disabling the rule do not increment its version | |||
| number. | |||
|
|
|||
| |related_integrations |Object[] a| {integrations-docs}[Elastic integrations] the rule depends on. The object has these fields: | |||
|
|
|||
| * `package` (String, required): Integration package's name EPR uses | |||
There was a problem hiding this comment.
| * `package` (String, required): Integration package's name EPR uses | |
| * `package` (String, required): The integration package's name, as used by the https://github.com/elastic/package-registry[Elastic Package Registry]. |
|
I've addressed your last comments. Could you review the recent changes? |
Relates to: elastic/kibana#173595
Epic: https://github.com/elastic/security-team/issues/1974
Summary
API updates for elastic/kibana#173595.
Updates related API docs for related_integration field changes made in elastic/kibana#178295.