Skip to content

Commit

Permalink
Merge branch 'master' of github.com:elastic/kibana into timeline-pinn…
Browse files Browse the repository at this point in the history
…ed-events
  • Loading branch information
XavierM committed Dec 16, 2020
2 parents 71f94d0 + e48dbf3 commit bf7dbcc
Show file tree
Hide file tree
Showing 58 changed files with 1,698 additions and 463 deletions.
2 changes: 1 addition & 1 deletion .node-version
Original file line number Diff line number Diff line change
@@ -1 +1 @@
14.15.1
14.15.2
2 changes: 1 addition & 1 deletion .nvmrc
Original file line number Diff line number Diff line change
@@ -1 +1 @@
14.15.1
14.15.2
150 changes: 113 additions & 37 deletions docs/settings/security-settings.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -23,11 +23,6 @@ You do not need to configure any additional settings to use the
screens, and authorization using <<kibana-privileges>>. To disable
{security-features} entirely, see
{ref}/security-settings.html[{es} security settings].

| `xpack.security.audit.enabled`
| Set to `true` to enable audit logging for security events. By default, it is set
to `false`. For more details see <<xpack-security-audit-logging>>.

|===

[float]
Expand Down Expand Up @@ -325,12 +320,11 @@ In high-availability deployments, make sure you use the same encryption and decr
| [[xpack-encryptedSavedObjects-keyRotation-decryptionOnlyKeys]] `xpack.encryptedSavedObjects.`
`keyRotation.decryptionOnlyKeys`
| An optional list of previously used encryption keys. Like <<xpack-encryptedSavedObjects-encryptionKey, `xpack.encryptedSavedObjects.encryptionKey`>>, these must be at least 32 characters in length. {kib} doesn't use these keys for encryption, but may still require them to decrypt some existing saved objects. Use this setting if you wish to change your encryption key, but don't want to lose access to saved objects that were previously encrypted with a different key.

|===

[float]
[[audit-logging-settings]]
===== Audit logging settings
==== Audit logging settings

You can enable audit logging to support compliance, accountability, and security. When enabled, {kib} will capture:

Expand All @@ -341,19 +335,19 @@ You can enable audit logging to support compliance, accountability, and security
For more details and a reference of audit events, refer to <<xpack-security-audit-logging>>.

[cols="2*<"]
|===
| `xpack.security.audit.enabled`
|======
| `xpack.security.audit.enabled` {ess-icon}
| Set to `true` to enable audit logging for security events. *Default:* `false`
|===
|======

[float]
[[ecs-audit-logging-settings]]
===== ECS audit logging settings
==== ECS audit logging settings

To enable the <<xpack-security-ecs-audit-logging, ECS audit logger>>, specify where you want to write the audit events using `xpack.security.audit.appender`.

[cols="2*<"]
|===
[cols="2*<,*50"]
|======
| `xpack.security.audit.appender`
| Optional. Specifies where audit logs should be written to and how they should be formatted.

Expand All @@ -362,53 +356,135 @@ To enable the <<xpack-security-ecs-audit-logging, ECS audit logger>>, specify wh
[source,yaml]
----------------------------------------
xpack.security.audit.appender:
kind: file
path: /path/to/audit.log
kind: rolling-file
path: ./audit.log
policy:
kind: time-interval
interval: 24h <1>
strategy:
kind: numeric
max: 10 <2>
layout:
kind: json
----------------------------------------
<1> Rotates log files every 24 hours.
<2> Keeps maximum of 10 log files before deleting older ones.

| `xpack.security.audit.appender.kind`
| Required. Specifies where audit logs should be written to. Allowed values are `console` or `file`.
|===
| Required. Specifies where audit logs should be written to. Allowed values are `console`, `file`, or `rolling-file`.

Refer to <<audit-logging-file-appender>> and <<audit-logging-rolling-file-appender>> for appender specific settings.

| `xpack.security.audit.appender.layout.kind`
| Required. Specifies how audit logs should be formatted. Allowed values are `json` or `pattern`.

Refer to <<audit-logging-pattern-layout>> for layout specific settings.

2+a|
[TIP]
============
We recommend using `json` format to allow ingesting {kib} audit logs into {es} using Filebeat.
============

|======

[float]
[[audit-logging-file-appender]]
[[audit-logging-file-appender,file appender]]
===== File appender

The file appender can be configured using the following settings:
The `file` appender writes to a file and can be configured using the following settings:

[cols="2*<"]
|===
|======
| `xpack.security.audit.appender.path`
| Required. Full file path the log file should be written to.
|======

| `xpack.security.audit.appender.layout.kind`
| Required. Specifies how audit logs should be formatted. Allowed values are `json` or `pattern`.
|===
[float]
[[audit-logging-rolling-file-appender, rolling file appender]]
===== Rolling file appender

The `rolling-file` appender writes to a file and rotates it using a rolling strategy, when a particular policy is triggered:

[cols="2*<"]
|======
| `xpack.security.audit.appender.path`
| Required. Full file path the log file should be written to.

| `xpack.security.audit.appender.policy.kind`
| Specifies when a rollover should occur. Allowed values are `size-limit` and `time-interval`. *Default:* `time-interval`.

Refer to <<audit-logging-size-limit-policy>> and <<audit-logging-time-interval-policy>> for policy specific settings.
| `xpack.security.audit.appender.strategy.kind`
| Specifies how the rollover should occur. Only allowed value is currently `numeric`. *Default:* `numeric`

Refer to <<audit-logging-numeric-strategy>> for strategy specific settings.
|======

[float]
[[audit-logging-pattern-layout]]
===== Pattern layout
[[audit-logging-size-limit-policy, size limit policy]]
===== Size limit triggering policy

The pattern layout can be configured using the following settings:
The `size-limit` triggering policy will rotate the file when it reaches a certain size:

[cols="2*<"]
|===
| `xpack.security.audit.appender.layout.highlight`
| Optional. Set to `true` to enable highlighting log messages with colors.
|======
| `xpack.security.audit.appender.policy.size`
| Maximum size the log file should reach before a rollover should be performed. *Default:* `100mb`
|======

[float]
[[audit-logging-time-interval-policy, time interval policy]]
===== Time interval triggering policy

The `time-interval` triggering policy will rotate the file every given interval of time:

[cols="2*<"]
|======
| `xpack.security.audit.appender.policy.interval`
| How often a rollover should occur. *Default:* `24h`

| `xpack.security.audit.appender.policy.modulate`
| Whether the interval should be adjusted to cause the next rollover to occur on the interval boundary. *Default:* `true`
|======

[float]
[[audit-logging-numeric-strategy, numeric strategy]]
===== Numeric rolling strategy

The `numeric` rolling strategy will suffix the log file with a given pattern when rolling over, and will retain a fixed number of rolled files:

[cols="2*<"]
|======
| `xpack.security.audit.appender.strategy.pattern`
| Suffix to append to the file name when rolling over. Must include `%i`. *Default:* `-%i`

| `xpack.security.audit.appender.strategy.max`
| Maximum number of files to keep. Once this number is reached, oldest files will be deleted. *Default:* `7`
|======

[float]
[[audit-logging-pattern-layout, pattern layout]]
===== Pattern layout

The `pattern` layout outputs a string, formatted using a pattern with special placeholders, which will be replaced with data from the actual log message:

[cols="2*<"]
|======
| `xpack.security.audit.appender.layout.pattern`
| Optional. Specifies how the log line should be formatted. *Default:* `[%date][%level][%logger]%meta %message`
|===

| `xpack.security.audit.appender.layout.highlight`
| Optional. Set to `true` to enable highlighting log messages with colors.
|======

[float]
[[audit-logging-ignore-filters]]
===== Ignore filters

[cols="2*<"]
|===
| `xpack.security.audit.ignore_filters[]`
|======
| `xpack.security.audit.ignore_filters[]` {ess-icon}
| List of filters that determine which events should be excluded from the audit log. An event will get filtered out if at least one of the provided filters matches.

2+a| For example:
Expand All @@ -423,15 +499,15 @@ xpack.security.audit.ignore_filters:
<1> Filters out HTTP request events
<2> Filters out any data write events

| `xpack.security.audit.ignore_filters[].actions[]`
| `xpack.security.audit.ignore_filters[].actions[]` {ess-icon}
| List of values matched against the `event.action` field of an audit event. Refer to <<xpack-security-audit-logging>> for a list of available events.

| `xpack.security.audit.ignore_filters[].categories[]`
| `xpack.security.audit.ignore_filters[].categories[]` {ess-icon}
| List of values matched against the `event.category` field of an audit event. Refer to https://www.elastic.co/guide/en/ecs/1.5/ecs-allowed-values-event-category.html[ECS categorization field] for allowed values.

| `xpack.security.audit.ignore_filters[].types[]`
| `xpack.security.audit.ignore_filters[].types[]` {ess-icon}
| List of values matched against the `event.type` field of an audit event. Refer to https://www.elastic.co/guide/en/ecs/1.5/ecs-allowed-values-event-type.html[ECS type field] for allowed values.

| `xpack.security.audit.ignore_filters[].outcomes[]`
| `xpack.security.audit.ignore_filters[].outcomes[]` {ess-icon}
| List of values matched against the `event.outcome` field of an audit event. Refer to https://www.elastic.co/guide/en/ecs/1.5/ecs-allowed-values-event-outcome.html[ECS outcome field] for allowed values.
|===
|======
6 changes: 3 additions & 3 deletions package.json
Original file line number Diff line number Diff line change
Expand Up @@ -77,7 +77,7 @@
"**/@types/hapi__boom": "^7.4.1",
"**/@types/hapi__hapi": "^18.2.6",
"**/@types/hapi__mimos": "4.1.0",
"**/@types/node": "14.14.7",
"**/@types/node": "14.14.14",
"**/chokidar": "^3.4.3",
"**/cross-fetch/node-fetch": "^2.6.1",
"**/deepmerge": "^4.2.2",
Expand All @@ -97,7 +97,7 @@
"**/typescript": "4.1.2"
},
"engines": {
"node": "14.15.1",
"node": "14.15.2",
"yarn": "^1.21.1"
},
"dependencies": {
Expand Down Expand Up @@ -497,7 +497,7 @@
"@types/mustache": "^0.8.31",
"@types/ncp": "^2.0.1",
"@types/nock": "^10.0.3",
"@types/node": "14.14.7",
"@types/node": "14.14.14",
"@types/node-fetch": "^2.5.7",
"@types/node-forge": "^0.9.5",
"@types/nodemailer": "^6.4.0",
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ export const loadTestFiles = ({
updateBaselines,
updateSnapshots,
}) => {
decorateSnapshotUi(lifecycle, updateSnapshots);
decorateSnapshotUi({ lifecycle, updateSnapshots, isCi: !!process.env.CI });

const innerLoadTestFile = (path) => {
if (typeof path !== 'string' || !isAbsolute(path)) {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ describe('decorateSnapshotUi', () => {
let lifecycle: Lifecycle;
beforeEach(() => {
lifecycle = new Lifecycle();
decorateSnapshotUi(lifecycle, false);
decorateSnapshotUi({ lifecycle, updateSnapshots: false, isCi: false });
});

it('passes when the snapshot matches the actual value', async () => {
Expand Down Expand Up @@ -109,7 +109,7 @@ describe('decorateSnapshotUi', () => {
let lifecycle: Lifecycle;
beforeEach(() => {
lifecycle = new Lifecycle();
decorateSnapshotUi(lifecycle, true);
decorateSnapshotUi({ lifecycle, updateSnapshots: true, isCi: false });
});

it("doesn't throw if the value does not match", async () => {
Expand All @@ -130,4 +130,30 @@ describe('decorateSnapshotUi', () => {
}).not.toThrow();
});
});

describe('when running on ci', () => {
let lifecycle: Lifecycle;
beforeEach(() => {
lifecycle = new Lifecycle();
decorateSnapshotUi({ lifecycle, updateSnapshots: false, isCi: true });
});

it('throws on new snapshots', async () => {
const test: Test = {
title: 'Test',
file: 'foo.ts',
parent: {
file: 'foo.ts',
tests: [],
suites: [],
},
} as any;

await lifecycle.beforeEachTest.trigger(test);

expect(() => {
expectSnapshot('bar').toMatchInline();
}).toThrow();
});
});
});
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,8 @@ import { Test, Suite } from '../../fake_mocha_types';

type ISnapshotState = InstanceType<typeof SnapshotState>;

type SnapshotUpdateState = 'all' | 'new' | 'none';

interface SnapshotContext {
snapshotState: ISnapshotState;
currentTestName: string;
Expand Down Expand Up @@ -94,14 +96,32 @@ const modifyStackTracePrepareOnce = once(() => {
};
});

export function decorateSnapshotUi(lifecycle: Lifecycle, updateSnapshots: boolean) {
export function decorateSnapshotUi({
lifecycle,
updateSnapshots,
isCi,
}: {
lifecycle: Lifecycle;
updateSnapshots: boolean;
isCi: boolean;
}) {
let snapshotStatesByFilePath: Record<
string,
{ snapshotState: ISnapshotState; testsInFile: Test[] }
> = {};

registered = true;

let updateSnapshot: SnapshotUpdateState;

if (isCi) {
// make sure snapshots that have not been committed
// are not written to file on CI, passing the test
updateSnapshot = 'none';
} else {
updateSnapshot = updateSnapshots ? 'all' : 'new';
}

modifyStackTracePrepareOnce();

addSerializer({
Expand All @@ -120,7 +140,7 @@ export function decorateSnapshotUi(lifecycle: Lifecycle, updateSnapshots: boolea
const { file, snapshotTitle } = getSnapshotMeta(currentTest);

if (!snapshotStatesByFilePath[file]) {
snapshotStatesByFilePath[file] = getSnapshotState(file, currentTest, updateSnapshots);
snapshotStatesByFilePath[file] = getSnapshotState(file, currentTest, updateSnapshot);
}

testContext = {
Expand Down Expand Up @@ -178,7 +198,7 @@ function recursivelyGetTestsFromSuite(suite: Suite): Test[] {
return suite.tests.concat(flatten(suite.suites.map((s) => recursivelyGetTestsFromSuite(s))));
}

function getSnapshotState(file: string, test: Test, updateSnapshots: boolean) {
function getSnapshotState(file: string, test: Test, updateSnapshot: SnapshotUpdateState) {
const dirname = path.dirname(file);
const filename = path.basename(file);

Expand All @@ -195,7 +215,7 @@ function getSnapshotState(file: string, test: Test, updateSnapshots: boolean) {
const snapshotState = new SnapshotState(
path.join(dirname + `/__snapshots__/` + filename.replace(path.extname(filename), '.snap')),
{
updateSnapshot: updateSnapshots ? 'all' : 'new',
updateSnapshot,
// @ts-expect-error
getPrettier: () => prettier,
getBabelTraverse: () => babelTraverse,
Expand Down
Loading

0 comments on commit bf7dbcc

Please sign in to comment.