add endpoint custom documentation to generate-docs #389
Conversation
| @@ -67,6 +69,11 @@ func generateDocs(options generateOptions) error { | |||
| } | |||
|
|
|||
| for _, packageName := range packages { | |||
| err = renderCustomDocumentation(options, packageName) | |||
| if err != nil { | |||
| return errors.Wrapf(err, "rendering custom documentation failed (packageName: %s)", packageName) | |||
There was a problem hiding this comment.
Does anyone have any ideas for a better conceptual name for this documentation than "custom documentation"?
There was a problem hiding this comment.
"Detailed Documentation" ?
There was a problem hiding this comment.
enumerated docs?
packeted docs? (or some other word to logically describe the grouping breakdown of the payload types. By OS / feature)
💚 Build Succeeded
Expand to view the summary
Build stats
🤖 GitHub commentsExpand to view the GitHub comments
To re-run your PR in the CI, just comment with:
|
| for _, f := range event.doc.Fields.Endpoint { | ||
| detail, ok := event.doc.Fields.Details[f] | ||
| if ok { | ||
| f += "<br /><br />" + strings.TrimSpace(strings.ReplaceAll(detail.Description, "\n", " ")) |
There was a problem hiding this comment.
here is a relevant comment in another PRs that shows how this works.
https://github.com/elastic/endpoint-package/pull/391/files#r1265607445
| } | ||
|
|
||
| type eventFields struct { | ||
| Endpoint []string `yaml:"endpoint"` |
There was a problem hiding this comment.
I don't love this YAML key name (see comment in another PR here https://github.com/elastic/endpoint-package/pull/390/files#r1265610303)
|
@kevinlog can this PR's general approach be reviewed. If it looks good an LGTM would be nice. Without any requests for changes in this or any other PRs in this chain the only change I plan to make is to fill in all the "FILL ME IN" placeholders. |
|
Seeing failed From the read out, it looks like the |
|
The make failure is an artifact of me breaking this into four PRs. The final PR in the chain (#392) passes the same checks. I plan to merge PR4 into PR3, then PR3 into PR2, then PR2 into this PR, then this PR into main when it comes time to merge. I have no problem with only receiving comments that say LGTM before that merge flow happens if you'd like. But once I do it it'll be a lot harder to review just these changes. |
| @@ -67,6 +69,11 @@ func generateDocs(options generateOptions) error { | |||
| } | |||
|
|
|||
| for _, packageName := range packages { | |||
| err = renderCustomDocumentation(options, packageName) | |||
| if err != nil { | |||
| return errors.Wrapf(err, "rendering custom documentation failed (packageName: %s)", packageName) | |||
There was a problem hiding this comment.
enumerated docs?
packeted docs? (or some other word to logically describe the grouping breakdown of the payload types. By OS / feature)
|
|
||
| **This documentation is still beta** | ||
|
|
||
| The subdirectories document all ECS fields that may exist in documents generated by Endpoint into |
There was a problem hiding this comment.
'document fields in documents' - phrasing is awkward
| low := strings.ToLower(_os) | ||
| if low != "linux" && low != "macos" && low != "windows" { |
There was a problem hiding this comment.
Why not enforce strict casing for consistency?
(And does go have a cleaner "item in list" syntax?)
| low := strings.ToLower(_os) | |
| if low != "linux" && low != "macos" && low != "windows" { | |
| if _os != "linux" && _os != "macos" && _os != "windows" { |
There was a problem hiding this comment.
Ah. I see that you do enforce consistency later - on output.
Co-authored-by: John U <[email protected]>
Co-authored-by: John U <[email protected]>
Co-authored-by: Leszek Kubik <[email protected]>
* add minimal custom_documentation files * fill in FILL ME IN * add linux and macos unquarantine * change heartbeat data stream type * yam => yaml * only credential access api events are non-diagnostic * Apply suggestions from code review Co-authored-by: Leszek Kubik <[email protected]> * add content to custom_documentation files (#391) * add content to custom_documentation files * add macos endpoint_unquarantine fields * linux endpoint unquarantine documentation * add more malicous behavior fields on linux * add more missing fields * add a field * switch to .* notation for malicious alert fields * restore host.* fields * add rendered custom_documentation (#392) * add rendered custom_documentation * re-render docs * re-render --------- Co-authored-by: Leszek Kubik <[email protected]>
|
I merged the 3 chained PRs into this. There were minor updates to firm up some of the fields enumerated. I'll merge this PR into |
|
Package endpoint - 8.10.0 containing this change is available at https://epr.elastic.co/search?package=endpoint |
Change Summary
This is a replacement PR for #334
This PR is the first of four chained PRs. I've broken them up to make them reviewable. The final goal is to document what fields are actually available in each Endpoint document type.
Please at least skim all four PRs because seeing them all will help understand this PR better. Notably, I have comments asking for feedback in the second PR that are relevant to this PR.
Release Target
This will ideally be backported into 8.9