[Security Solution] Remove runtime fields from sourcerer data model (e…

…lastic#189891)

## Summary

Runtime mappings should be obtained from data view spec, we are removing
this field from the sourcerer model and all the uses will depend on the
embedded spec from now on.

x-pack/packages/security-solution/data_table/mock/mock_source.ts

@@ -5,7 +5,6 @@
  * 2.0.
  */
 
-import type { MappingRuntimeFields } from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
 import { BrowserFields } from '@kbn/timelines-plugin/common';
 
 export const mockBrowserFields: BrowserFields = {
@@ -316,12 +315,3 @@ export const mockBrowserFields: BrowserFields = {
     },
   },
 };
-
-export const mockRuntimeMappings: MappingRuntimeFields = {
-  '@a.runtime.field': {
-    script: {
-      source: 'emit("Radical dude: " + doc[\'host.name\'].value)',
-    },
-    type: 'keyword',
-  },
-};

x-pack/plugins/security_solution/public/common/components/events_viewer/index.tsx

@@ -33,6 +33,7 @@ import { isEmpty } from 'lodash';
 import { getEsQueryConfig } from '@kbn/data-plugin/common';
 import type { EuiTheme } from '@kbn/kibana-react-plugin/common';
 import type { EuiDataGridRowHeightsOptions } from '@elastic/eui';
+import type { RunTimeMappings } from '@kbn/timelines-plugin/common/search_strategy';
 import { ALERTS_TABLE_VIEW_SELECTION_KEY } from '../../../../common/constants';
 import type { Sort } from '../../../timelines/components/timeline/body/sort';
 import type {
@@ -179,7 +180,7 @@ const StatefulEventsViewerComponent: React.FC<EventsViewerProps & PropsFromRedux
     browserFields,
     dataViewId,
     indexPattern,
-    runtimeMappings,
+    sourcererDataView,
     selectedPatterns,
     dataViewId: selectedDataViewId,
     loading: isLoadingIndexPattern,
@@ -315,7 +316,7 @@ const StatefulEventsViewerComponent: React.FC<EventsViewerProps & PropsFromRedux
       id: tableId,
       indexNames: indexNames ?? selectedPatterns,
       limit: itemsPerPage,
-      runtimeMappings,
+      runtimeMappings: sourcererDataView?.runtimeFieldMap as RunTimeMappings,
       skip: !canQueryTimeline,
       sort: sortField,
       startDate: start,

x-pack/plugins/security_solution/public/common/mock/global_state.ts

@@ -40,7 +40,7 @@ import type { ManagementState } from '../../management/types';
 import { initialSourcererState, SourcererScopeName } from '../../sourcerer/store/model';
 import { allowedExperimentalValues } from '../../../common/experimental_features';
 import { getScopePatternListSelection } from '../../sourcerer/store/helpers';
-import { mockBrowserFields, mockIndexFields, mockRuntimeMappings } from '../containers/source/mock';
+import { mockBrowserFields, mockIndexFields } from '../containers/source/mock';
 import { usersModel } from '../../explore/users/store';
 import { UsersFields } from '../../../common/search_strategy/security_solution/users/common';
 import { initialGroupingState } from '../store/grouping/reducer';
@@ -62,7 +62,6 @@ export const mockSourcererState: SourcererState = {
     fields: mockFieldMap,
     loading: false,
     patternList: [...DEFAULT_INDEX_PATTERN, `${DEFAULT_SIGNALS_INDEX}-spacename`],
-    runtimeMappings: mockRuntimeMappings,
     title: [...DEFAULT_INDEX_PATTERN, `${DEFAULT_SIGNALS_INDEX}-spacename`].join(','),
   },
 };

x-pack/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/index.tsx

@@ -38,6 +38,7 @@ import {
   tableDefaults,
   TableId,
 } from '@kbn/securitysolution-data-table';
+import type { RunTimeMappings } from '@kbn/timelines-plugin/common/search_strategy';
 import { EndpointExceptionsViewer } from '../../../endpoint_exceptions/endpoint_exceptions_viewer';
 import { AlertsTableComponent } from '../../../../detections/components/alerts_table';
 import { GroupedAlertsTable } from '../../../../detections/components/alerts_table/alerts_grouping';
@@ -232,11 +233,9 @@ const RuleDetailsPageComponent: React.FC<DetectionEngineComponentProps> = ({
   const { loading: listsConfigLoading, needsConfiguration: needsListsConfiguration } =
     useListsConfig();
 
-  const {
-    sourcererDataView,
-    runtimeMappings,
-    loading: isLoadingIndexPattern,
-  } = useSourcererDataView(SourcererScopeName.detections);
+  const { sourcererDataView, loading: isLoadingIndexPattern } = useSourcererDataView(
+    SourcererScopeName.detections
+  );
 
   const loading = userInfoLoading || listsConfigLoading;
   const { detailName: ruleId } = useParams<{
@@ -760,7 +759,7 @@ const RuleDetailsPageComponent: React.FC<DetectionEngineComponentProps> = ({
                         hasIndexWrite={hasIndexWrite ?? false}
                         loading={loading}
                         renderChildComponent={renderGroupedAlertTable}
-                        runtimeMappings={runtimeMappings}
+                        runtimeMappings={sourcererDataView?.runtimeFieldMap as RunTimeMappings}
                         signalIndexName={signalIndexName}
                         tableId={TableId.alertsOnRuleDetailsPage}
                         to={to}

x-pack/plugins/security_solution/public/detections/components/alerts_table/index.tsx

@@ -22,6 +22,7 @@ import {
   tableDefaults,
   TableId,
 } from '@kbn/securitysolution-data-table';
+import type { RunTimeMappings } from '@kbn/timelines-plugin/common/search_strategy';
 import { useGlobalTime } from '../../../common/containers/use_global_time';
 import { useLicense } from '../../../common/hooks/use_license';
 import { VIEW_SELECTION } from '../../../../common/constants';
@@ -127,7 +128,7 @@ export const AlertsTableComponent: FC<DetectionEngineAlertTableProps> = ({
   const {
     browserFields,
     indexPattern: indexPatterns,
-    runtimeMappings,
+    sourcererDataView,
   } = useSourcererDataView(sourcererScope);
   const license = useLicense();
 
@@ -284,7 +285,7 @@ export const AlertsTableComponent: FC<DetectionEngineAlertTableProps> = ({
       onUpdate: onAlertTableUpdate,
       cellContext,
       onLoaded: onLoad,
-      runtimeMappings,
+      runtimeMappings: sourcererDataView?.runtimeFieldMap as RunTimeMappings,
       toolbarVisibility: {
         showColumnSelector: !isEventRenderedView,
         showSortSelector: !isEventRenderedView,
@@ -301,10 +302,10 @@ export const AlertsTableComponent: FC<DetectionEngineAlertTableProps> = ({
       finalColumns,
       finalBrowserFields,
       onAlertTableUpdate,
-      runtimeMappings,
-      isEventRenderedView,
       cellContext,
       onLoad,
+      sourcererDataView?.runtimeFieldMap,
+      isEventRenderedView,
     ]
   );
 

x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/use_add_bulk_to_timeline.tsx

@@ -12,6 +12,7 @@ import type { Filter } from '@kbn/es-query';
 import { getEsQueryConfig } from '@kbn/data-plugin/public';
 import type { BulkActionsConfig } from '@kbn/triggers-actions-ui-plugin/public/types';
 import { dataTableActions, TableId, tableDefaults } from '@kbn/securitysolution-data-table';
+import type { RunTimeMappings } from '@kbn/timelines-plugin/common/search_strategy';
 import type { CustomBulkAction } from '../../../../../common/types';
 import { combineQueries } from '../../../../common/lib/kuery';
 import { useKibana } from '../../../../common/lib/kibana';
@@ -66,8 +67,8 @@ export const useAddBulkToTimelineAction = ({
   const {
     browserFields,
     dataViewId,
-    runtimeMappings,
     indexPattern,
+    sourcererDataView,
     // important to get selectedPatterns from useSourcererDataView
     // in order to include the exclude filters in the search that are not stored in the timeline
     selectedPatterns,
@@ -119,7 +120,7 @@ export const useAddBulkToTimelineAction = ({
     sort: timelineQuerySortField,
     indexNames: selectedPatterns,
     filterQuery,
-    runtimeMappings,
+    runtimeMappings: sourcererDataView?.runtimeFieldMap as RunTimeMappings,
     limit: Math.min(BULK_ADD_TO_TIMELINE_LIMIT, totalCount),
     timerangeKind: 'absolute',
   });

x-pack/plugins/security_solution/public/detections/pages/detection_engine/detection_engine.tsx

@@ -33,6 +33,7 @@ import {
 } from '@kbn/securitysolution-data-table';
 import { isEqual } from 'lodash';
 import type { FilterGroupHandler } from '@kbn/alerts-ui-shared';
+import type { RunTimeMappings } from '@kbn/timelines-plugin/common/search_strategy';
 import { DetectionEngineFilters } from '../../components/detection_engine_filters/detection_engine_filters';
 import { FilterByAssigneesPopover } from '../../../common/components/filter_by_assignees_popover/filter_by_assignees_popover';
 import type { AssigneesIdsSelection } from '../../../common/components/assignees/types';
@@ -152,7 +153,6 @@ const DetectionEnginePageComponent: React.FC<DetectionEngineComponentProps> = ()
 
   const {
     sourcererDataView,
-    runtimeMappings,
     loading: isLoadingIndexPattern,
     indexPattern,
   } = useSourcererDataView(SourcererScopeName.detections);
@@ -419,7 +419,7 @@ const DetectionEnginePageComponent: React.FC<DetectionEngineComponentProps> = ()
                 alertsDefaultFilters={alertsDefaultFilters}
                 isLoadingIndexPattern={isChartPanelLoading}
                 query={query}
-                runtimeMappings={runtimeMappings}
+                runtimeMappings={sourcererDataView?.runtimeFieldMap as RunTimeMappings}
                 signalIndexName={signalIndexName}
                 updateDateRangeCallback={updateDateRangeCallback}
               />
@@ -435,7 +435,7 @@ const DetectionEnginePageComponent: React.FC<DetectionEngineComponentProps> = ()
               hasIndexWrite={hasIndexWrite ?? false}
               loading={isAlertTableLoading}
               renderChildComponent={renderAlertTable}
-              runtimeMappings={runtimeMappings}
+              runtimeMappings={sourcererDataView?.runtimeFieldMap as RunTimeMappings}
               signalIndexName={signalIndexName}
               tableId={TableId.alertsOnAlertsPage}
               to={to}

x-pack/plugins/security_solution/public/entity_analytics/components/top_risk_score_contributors_alerts/index.tsx

@@ -10,6 +10,7 @@ import { TableId } from '@kbn/securitysolution-data-table';
 import { EuiFlexGroup, EuiFlexItem, EuiPanel } from '@elastic/eui';
 import type { Filter } from '@kbn/es-query';
 
+import type { RunTimeMappings } from '@kbn/timelines-plugin/common/search_strategy';
 import { HeaderSection } from '../../../common/components/header_section';
 
 import * as i18n from './translations';
@@ -45,7 +46,7 @@ export const TopRiskScoreContributorsAlerts: React.FC<TopRiskScoreContributorsAl
   const { to, from } = useGlobalTime();
   const [{ loading: userInfoLoading, signalIndexName, hasIndexWrite, hasIndexMaintenance }] =
     useUserData();
-  const { runtimeMappings } = useSourcererDataView(SourcererScopeName.detections);
+  const { sourcererDataView } = useSourcererDataView(SourcererScopeName.detections);
   const getGlobalFiltersQuerySelector = useMemo(
     () => inputsSelectors.globalFiltersQuerySelector(),
     []
@@ -121,7 +122,7 @@ export const TopRiskScoreContributorsAlerts: React.FC<TopRiskScoreContributorsAl
               hasIndexWrite={hasIndexWrite ?? false}
               loading={userInfoLoading || loading}
               renderChildComponent={renderGroupedAlertTable}
-              runtimeMappings={runtimeMappings}
+              runtimeMappings={sourcererDataView?.runtimeFieldMap as RunTimeMappings}
               signalIndexName={signalIndexName}
               tableId={TableId.alertsRiskInputs}
               to={to}

x-pack/plugins/security_solution/public/flyout/document_details/left/hooks/use_threat_intelligence_details.test.ts

@@ -45,7 +45,6 @@ describe('useThreatIntelligenceDetails', () => {
       .mockReturnValue({ isAlert: true } as unknown as GetBasicDataFromDetailsData);
 
     jest.mocked(useSourcererDataView).mockReturnValue({
-      runtimeMappings: {},
       browserFields: {},
       dataViewId: '',
       loading: false,

x-pack/plugins/security_solution/public/flyout/document_details/left/hooks/use_threat_intelligence_details.ts

@@ -71,7 +71,7 @@ export const useThreatIntelligenceDetails = (): ThreatIntelligenceDetailsResult
   const [isEventDataLoading, eventData] = useTimelineEventsDetails({
     indexName,
     eventId,
-    runtimeMappings: sourcererDataView.runtimeMappings as RunTimeMappings,
+    runtimeMappings: sourcererDataView.sourcererDataView?.runtimeFieldMap as RunTimeMappings,
     skip: !eventId,
   });
 

x-pack/plugins/security_solution/public/flyout/document_details/shared/hooks/use_event_details.ts

@@ -87,7 +87,7 @@ export const useEventDetails = ({
     useTimelineEventsDetails({
       indexName: eventIndex,
       eventId: eventId ?? '',
-      runtimeMappings: sourcererDataView.runtimeMappings as RunTimeMappings,
+      runtimeMappings: sourcererDataView?.sourcererDataView?.runtimeFieldMap as RunTimeMappings,
       skip: !eventId,
     });
   const getFieldsData = useGetFieldsData(searchHit?.fields);

x-pack/plugins/security_solution/public/sourcerer/containers/get_sourcerer_data_view.test.ts

@@ -40,7 +40,6 @@ describe('getSourcererDataView', () => {
         runtimeFieldMap: {},
       },
       browserFields: {},
-      runtimeMappings: {},
     });
   });
   it('should call dataViewsService.get with the correct arguments', async () => {

x-pack/plugins/security_solution/public/sourcerer/containers/get_sourcerer_data_view.ts

@@ -7,7 +7,7 @@
 
 import type { DataViewsServicePublic } from '@kbn/data-views-plugin/public/types';
 import { ensurePatternFormat } from '../../../common/utils/sourcerer';
-import type { SourcererDataView, RunTimeMappings } from '../store/model';
+import type { SourcererDataView } from '../store/model';
 import { getDataViewStateFromIndexFields } from '../../common/containers/source/use_data_view';
 
 export const getSourcererDataView = async (
@@ -29,6 +29,5 @@ export const getSourcererDataView = async (
     dataView: dataViewData,
     browserFields: getDataViewStateFromIndexFields(dataViewData.id ?? '', dataViewData.fields)
       .browserFields,
-    runtimeMappings: dataViewData.runtimeFieldMap as RunTimeMappings,
   };
 };

x-pack/plugins/security_solution/public/sourcerer/containers/index.tsx

@@ -126,7 +126,6 @@ export const useSourcererDataView = (
       },
       indicesExist,
       loading: loading || sourcererDataView.loading,
-      runtimeMappings: sourcererDataView.runtimeMappings,
       // all active & inactive patterns in DATA_VIEW
       patternList: sourcererDataView.title.split(','),
       // selected patterns in DATA_VIEW including filter

x-pack/plugins/security_solution/public/sourcerer/containers/mocks.ts

@@ -8,7 +8,7 @@
 import { mockGlobalState } from '../../common/mock';
 import type { SelectedDataView } from '../store/model';
 import { initSourcererScope } from '../store/model';
-import { mockBrowserFields, mockRuntimeMappings } from '../../common/containers/source/mock';
+import { mockBrowserFields } from '../../common/containers/source/mock';
 
 export const mockPatterns = [
   'auditbeat-*',
@@ -56,6 +56,5 @@ export const mockSourcererScope: SelectedDataView = {
   indicesExist: true,
   loading: false,
   dataViewId: mockGlobalState.sourcerer.defaultDataView.id,
-  runtimeMappings: mockRuntimeMappings,
   patternList: mockPatterns,
 };

x-pack/plugins/security_solution/public/sourcerer/store/model.ts

@@ -72,12 +72,6 @@ export interface SourcererDataView extends KibanaDataView {
   fields: DataViewSpec['fields'] | undefined;
   /** set when data view fields are fetched */
   loading: boolean;
-  /**
-   * @deprecated use sourcererDataView.runtimeMappings
-   * Needed to pass to search strategy
-   * Remove once issue resolved: https://github.com/elastic/kibana/issues/111762
-   */
-  runtimeMappings: RunTimeMappings;
   /**
    * @type DataView @kbn/data-views-plugin/common
    */
@@ -108,10 +102,6 @@ export interface SelectedDataView {
    * all active & inactive patterns from SourcererDataView['title']
    */
   patternList: string[];
-  /**
-   * @deprecated use sourcererDataView.runtimeMappings
-   */
-  runtimeMappings: SourcererDataView['runtimeMappings'];
   /**
    * @deprecated use sourcererDataView.title or sourcererDataView.matchedIndices
    * all selected patterns from SourcererScope['selectedPatterns'] */
@@ -165,7 +155,6 @@ export const initDataView: SourcererDataView & { id: string; error?: unknown } =
   fields: undefined,
   loading: false,
   patternList: [],
-  runtimeMappings: {},
   title: '',
   dataView: undefined,
 };

x-pack/plugins/security_solution/public/timelines/components/timeline/tabs/eql/index.tsx

@@ -16,6 +16,7 @@ import type { EuiDataGridControlColumn } from '@elastic/eui';
 
 import { DataLoadingState } from '@kbn/unified-data-table';
 import { useExpandableFlyoutApi } from '@kbn/expandable-flyout';
+import type { RunTimeMappings } from '@kbn/timelines-plugin/common/search_strategy';
 import { useKibana } from '../../../../../common/lib/kibana';
 import {
   DocumentDetailsLeftPanelKey,
@@ -90,8 +91,8 @@ export const EqlTabContentComponent: React.FC<Props> = ({
     browserFields,
     dataViewId,
     loading: loadingSourcerer,
-    runtimeMappings,
     selectedPatterns,
+    sourcererDataView,
   } = useSourcererDataView(SourcererScopeName.timeline);
   const { augmentedColumnHeaders, timelineQueryFieldsFromColumns } = useTimelineColumns(columns);
 
@@ -132,7 +133,7 @@ export const EqlTabContentComponent: React.FC<Props> = ({
     indexNames: selectedPatterns,
     language: 'eql',
     limit: !unifiedComponentsInTimelineDisabled ? sampleSize : itemsPerPage,
-    runtimeMappings,
+    runtimeMappings: sourcererDataView?.runtimeFieldMap as RunTimeMappings,
     skip: !canQueryTimeline(),
     startDate: start,
     timerangeKind,

x-pack/plugins/security_solution/public/timelines/components/timeline/tabs/pinned/index.tsx

@@ -14,6 +14,7 @@ import deepEqual from 'fast-deep-equal';
 import type { EuiDataGridControlColumn } from '@elastic/eui';
 import { DataLoadingState } from '@kbn/unified-data-table';
 import { useExpandableFlyoutApi } from '@kbn/expandable-flyout';
+import type { RunTimeMappings } from '@kbn/timelines-plugin/common/search_strategy';
 import {
   DocumentDetailsLeftPanelKey,
   DocumentDetailsRightPanelKey,
@@ -93,7 +94,7 @@ export const PinnedTabContentComponent: React.FC<Props> = ({
     browserFields,
     dataViewId,
     loading: loadingSourcerer,
-    runtimeMappings,
+    sourcererDataView,
     selectedPatterns,
   } = useSourcererDataView(SourcererScopeName.timeline);
   const { setTimelineFullScreen, timelineFullScreen } = useTimelineFullScreen();
@@ -167,7 +168,7 @@ export const PinnedTabContentComponent: React.FC<Props> = ({
       fields: timelineQueryFields,
       limit: itemsPerPage,
       filterQuery,
-      runtimeMappings,
+      runtimeMappings: sourcererDataView?.runtimeFieldMap as RunTimeMappings,
       skip: filterQuery === '',
       startDate: '',
       sort: timelineQuerySortField,