ROX-33308: Add process criteria to node event policies #19252

Open
sachaudh wants to merge 3 commits into master from ROX-33308-node-event-process-criteria

@sachaudh sachaudh commented Mar 2, 2026

Description

Jira: ROX-33308

Add Process Name, Process Ancestor, Process Arguments, and Process UID
as available criteria when creating Node event policies in the policy wizard.
Also add a section validator enforcing that process criteria require File Path,
since detection is file-access-driven and process info is metadata on those events.

  • Add 4 process text descriptors to nodeEventDescriptor
  • Add "Process criteria require file path" section validator
  • Add test coverage for the new validator

Note: Backend support (ROX-30807, ROX-33000) must land before these
criteria function end-to-end.

User-facing documentation

Testing and quality

  • the change is production ready: the change is GA, or otherwise the functionality is gated by a feature flag
  • CI results are inspected

Automated testing

  • added unit tests
  • added e2e tests
  • added regression tests
  • added compatibility tests
  • modified existing tests

How I validated my change

  • All existing and new unit tests pass (npm run test -- 1343 passed, 2 skipped)
  • New validator tests cover: appliesTo gating, fail without File Path, pass with File Path, pass with file-only criteria

Screenshots

Screen.Recording.2026-03-02.at.8.51.24.AM.mov

openshift-ci bot commented Mar 2, 2026

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@sachaudh sachaudh force-pushed the ROX-33308-node-event-process-criteria branch from 0d98d45 to 0a478bb Compare March 2, 2026 17:15

rhacs-bot commented Mar 2, 2026

Images are ready for the commit at a352397.

To use with deploy scripts, first export MAIN_IMAGE_TAG=4.11.x-282-ga3523970f0.

codecov bot commented Mar 2, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 49.68%. Comparing base (35bfdb7) to head (a352397).
⚠️ Report is 2 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master   #19252      +/-   ##
==========================================
- Coverage   49.68%   49.68%   -0.01%     
==========================================
  Files        2695     2695              
  Lines      202798   202798              
==========================================
- Hits       100757   100756       -1     
  Misses      94527    94527              
- Partials     7514     7515       +1     
Flag Coverage Δ
go-unit-tests 49.68% <ø> (-0.01%) ⬇️

sachaudh commented Mar 3, 2026

/test gke-ui-e2e-tests

@sachaudh sachaudh marked this pull request as ready for review March 3, 2026 14:39
@sachaudh sachaudh requested a review from a team as a code owner March 3, 2026 14:39
@sachaudh sachaudh force-pushed the ROX-33308-node-event-process-criteria branch 2 times, most recently from 2cb5231 to c1557db Compare March 6, 2026 15:04

Process Name, Process Ancestor, Process Arguments, and Process UID
are now available as criteria when creating Node event policies.
A section validator enforces that process criteria cannot be used
without File Path, since detection is driven by file access events
and process info is metadata on those events.

Backend support (ROX-30807, ROX-33000) must register these process
fields for NODE_EVENT before the criteria will function end-to-end.

Partially generated by AI.

Signed-off-by: Saif Chaudhry <schaudhr@redhat.com>

The 4 process criteria descriptors (Process Name, Process Ancestor,
Process Arguments, Process UID) were duplicated identically between
policyCriteriaDescriptors and nodeEventDescriptor arrays. Extract
into a shared processActivityDescriptors constant and spread into
both arrays to eliminate ~80 lines of duplication.

Partially generated by AI

Signed-off-by: Saif Chaudhry <schaudhr@redhat.com>

Deployment runtime policies have a separate process event stream, so
process criteria can be used in isolation. The file path requirement
only applies to node policies where process details come exclusively
via the file activity event stream.

Signed-off-by: Saif Chaudhry <schaudhr@redhat.com>
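
The rule described in the PR description and the commit messages above (process criteria need File Path in node event policies, while deployment policies are exempt), sketched as an added example that is not code from this PR or the StackRox repository. The type names, `validatePolicySections` and the `DEPLOYMENT_EVENT` value are assumptions; the criteria names and `NODE_EVENT` are taken from the page.

```typescript
// Added illustration: all type and function names here are hypothetical.
type PolicyEventSource = 'NODE_EVENT' | 'DEPLOYMENT_EVENT' | 'NOT_APPLICABLE';
type PolicyGroup = { fieldName: string };
type PolicySection = { sectionName: string; policyGroups: PolicyGroup[] };
type Policy = { eventSource: PolicyEventSource; policySections: PolicySection[] };
type SectionValidator = {
    name: string;
    appliesTo: (policy: Policy) => boolean;
    validate: (section: PolicySection) => string | undefined;
};

// Criteria names as listed in the PR description.
const PROCESS_CRITERIA: string[] = ['Process Name', 'Process Ancestor', 'Process Arguments', 'Process UID'];
const FILE_PATH = 'File Path';

const processCriteriaRequireFilePath: SectionValidator = {
    name: 'Process criteria require file path',
    // Gate on node event policies only: deployment runtime policies have their
    // own process event stream, so process criteria may stand alone there.
    appliesTo: (policy) => policy.eventSource === 'NODE_EVENT',
    validate: (section) => {
        const fields = section.policyGroups.map((group) => group.fieldName);
        const processFields = fields.filter((f) => PROCESS_CRITERIA.indexOf(f) !== -1);
        const hasFilePath = fields.indexOf(FILE_PATH) !== -1;
        if (processFields.length > 0 && !hasFilePath) {
            return `Process criteria (${processFields.join(', ')}) require ${FILE_PATH} in "${section.sectionName}"`;
        }
        return undefined;
    },
};

// Runs each applicable validator over every section and collects the errors.
function validatePolicySections(policy: Policy, validators: SectionValidator[]): string[] {
    const errors: string[] = [];
    for (const validator of validators) {
        if (!validator.appliesTo(policy)) continue;
        for (const section of policy.policySections) {
            const err = validator.validate(section);
            if (err !== undefined) errors.push(err);
        }
    }
    return errors;
}
```
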
@sachaudh sachaudh force-pushed the ROX-33308-node-event-process-criteria branch from c1557db to a352397 Compare March 10, 2026 14:15
@sachaudh sachaudh requested a review from dvail March 10, 2026 14:16