[SECURITY SOLUTION] exclude cloud alias index from our query (#81551)

* exclude cloud alias index

* only exclude cloud alias when logs-* is there

Author: XavierM

x-pack/plugins/security_solution/public/common/store/sourcerer/selectors.test.ts

@@ -0,0 +1,70 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { cloneDeep } from 'lodash/fp';
+import { mockGlobalState } from '../../mock';
+import { SourcererScopeName } from './model';
+import { getSourcererScopeSelector } from './selectors';
+
+describe('Sourcerer selectors', () => {
+  describe('getSourcererScopeSelector', () => {
+    it('Should exclude elastic cloud alias when selected patterns include "logs-*" as an alias', () => {
+      const mapStateToProps = getSourcererScopeSelector();
+      expect(
+        mapStateToProps(mockGlobalState, SourcererScopeName.default).selectedPatterns
+      ).toEqual([
+        'apm-*-transaction*',
+        'auditbeat-*',
+        'endgame-*',
+        'filebeat-*',
+        'logs-*',
+        'packetbeat-*',
+        'winlogbeat-*',
+        '-*elastic-cloud-logs-*',
+      ]);
+    });
+
+    it('Should NOT exclude elastic cloud alias when selected patterns does NOT include "logs-*" as an alias', () => {
+      const mapStateToProps = getSourcererScopeSelector();
+      const myMockGlobalState = cloneDeep(mockGlobalState);
+      myMockGlobalState.sourcerer.sourcererScopes.default.selectedPatterns = myMockGlobalState.sourcerer.sourcererScopes.default.selectedPatterns.filter(
+        (index) => !index.includes('logs-*')
+      );
+      expect(
+        mapStateToProps(myMockGlobalState, SourcererScopeName.default).selectedPatterns
+      ).toEqual([
+        'apm-*-transaction*',
+        'auditbeat-*',
+        'endgame-*',
+        'filebeat-*',
+        'packetbeat-*',
+        'winlogbeat-*',
+      ]);
+    });
+
+    it('Should NOT exclude elastic cloud alias when selected patterns include "logs-endpoint.event-*" as an alias', () => {
+      const mapStateToProps = getSourcererScopeSelector();
+      const myMockGlobalState = cloneDeep(mockGlobalState);
+      myMockGlobalState.sourcerer.sourcererScopes.default.selectedPatterns = [
+        ...myMockGlobalState.sourcerer.sourcererScopes.default.selectedPatterns.filter(
+          (index) => !index.includes('logs-*')
+        ),
+        'logs-endpoint.event-*',
+      ];
+      expect(
+        mapStateToProps(myMockGlobalState, SourcererScopeName.default).selectedPatterns
+      ).toEqual([
+        'apm-*-transaction*',
+        'auditbeat-*',
+        'endgame-*',
+        'filebeat-*',
+        'packetbeat-*',
+        'winlogbeat-*',
+        'logs-endpoint.event-*',
+      ]);
+    });
+  });
+});

x-pack/plugins/security_solution/public/common/store/sourcerer/selectors.ts

@@ -81,11 +81,18 @@ export const defaultIndexNamesSelector = () => {
   return mapStateToProps;
 };
 
+const EXLCUDE_ELASTIC_CLOUD_INDEX = '-*elastic-cloud-logs-*';
 export const getSourcererScopeSelector = () => {
   const getScopesSelector = scopesSelector();
 
-  const mapStateToProps = (state: State, scopeId: SourcererScopeName): ManageScope =>
-    getScopesSelector(state)[scopeId];
+  const mapStateToProps = (state: State, scopeId: SourcererScopeName): ManageScope => ({
+    ...getScopesSelector(state)[scopeId],
+    selectedPatterns: getScopesSelector(state)[scopeId].selectedPatterns.some(
+      (index) => index === 'logs-*'
+    )
+      ? [...getScopesSelector(state)[scopeId].selectedPatterns, EXLCUDE_ELASTIC_CLOUD_INDEX]
+      : getScopesSelector(state)[scopeId].selectedPatterns,
+  });
 
   return mapStateToProps;
 };