From 6c2fd429f4c65fa06f275f0dadc48cec8f216c25 Mon Sep 17 00:00:00 2001 From: Ievgen Sorokopud Date: Thu, 14 Nov 2024 10:27:26 +0100 Subject: [PATCH 1/4] [Security GenAI] Fetching Assistant Knowledge Base fails when current user's username contains a : character (#11159) --- .../server/routes/knowledge_base/entries/utils.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/entries/utils.ts b/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/entries/utils.ts index 3a548cd812539..0f5a0ab97fb29 100644 --- a/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/entries/utils.ts +++ b/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/entries/utils.ts @@ -11,7 +11,7 @@ export const getKBUserFilter = (user: AuthenticatedUser | null) => { // Only return the current users entries and all other global entries (where user[] is empty) const globalFilter = 'NOT users: {name:* OR id:* }'; - const nameFilter = user?.username ? `users: {name: ${user?.username}}` : ''; + const nameFilter = user?.username ? `users: {name: "${user?.username}"}` : ''; const idFilter = user?.profile_uid ? `users: {id: ${user?.profile_uid}}` : ''; const userFilter = user?.username && user?.profile_uid From 439a8f5946e06fe5db2075dfb5e8b0ea1bcbc425 Mon Sep 17 00:00:00 2001 From: Ievgen Sorokopud Date: Thu, 14 Nov 2024 10:39:09 +0100 Subject: [PATCH 2/4] Basic unti tests --- .../knowledge_base/entries/utils.test.ts | 43 +++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 x-pack/plugins/elastic_assistant/server/routes/knowledge_base/entries/utils.test.ts diff --git a/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/entries/utils.test.ts b/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/entries/utils.test.ts new file mode 100644 index 0000000000000..e718ff44630c7 --- /dev/null +++ b/x-pack/plugins/elastic_assistant/server/routes/knowledge_base/entries/utils.test.ts @@ -0,0 +1,43 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { AuthenticatedUser } from '@kbn/core-security-common'; +import { getKBUserFilter } from './utils'; + +describe('Utils', () => { + describe('getKBUserFilter', () => { + it('should return global filter when user is null', () => { + const filter = getKBUserFilter(null); + expect(filter).toEqual('(NOT users: {name:* OR id:* })'); + }); + + it('should return global filter when `username` and `profile_uid` are undefined', () => { + const filter = getKBUserFilter({} as AuthenticatedUser); + expect(filter).toEqual('(NOT users: {name:* OR id:* })'); + }); + + it('should return global filter when `username` is undefined', () => { + const filter = getKBUserFilter({ profile_uid: 'fake_user_id' } as AuthenticatedUser); + expect(filter).toEqual('(NOT users: {name:* OR id:* } OR users: {id: fake_user_id})'); + }); + + it('should return global filter when `profile_uid` is undefined', () => { + const filter = getKBUserFilter({ username: 'user1' } as AuthenticatedUser); + expect(filter).toEqual('(NOT users: {name:* OR id:* } OR users: {name: "user1"})'); + }); + + it('should return global filter when `username` has semicolon', () => { + const filter = getKBUserFilter({ + username: 'user:1', + profile_uid: 'fake_user_id', + } as AuthenticatedUser); + expect(filter).toEqual( + '(NOT users: {name:* OR id:* } OR (users: {name: "user:1"} OR users: {id: fake_user_id}))' + ); + }); + }); +}); From cf41cf15767c5936a889a6e48a3f62776c485b40 Mon Sep 17 00:00:00 2001 From: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Date: Thu, 14 Nov 2024 14:22:26 +0000 Subject: [PATCH 3/4] [CI] Auto-commit changed files from 'make api-docs' --- oas_docs/output/kibana.serverless.yaml | 12 +++--------- oas_docs/output/kibana.yaml | 12 +++--------- 2 files changed, 6 insertions(+), 18 deletions(-) diff --git a/oas_docs/output/kibana.serverless.yaml b/oas_docs/output/kibana.serverless.yaml index 32d38c3569148..9f0c38baded7d 100644 --- a/oas_docs/output/kibana.serverless.yaml +++ b/oas_docs/output/kibana.serverless.yaml @@ -16693,14 +16693,10 @@ paths: type: object properties: active: - description: >- - When false, the enrollment API key is revoked and - cannot be used for enrolling Elastic Agents. + description: When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents. type: boolean api_key: - description: >- - The enrollment API key (token) used for enrolling - Elastic Agents. + description: The enrollment API key (token) used for enrolling Elastic Agents. type: string api_key_id: description: The ID of the API key in the Security API. @@ -16713,9 +16709,7 @@ paths: description: The name of the enrollment API key. type: string policy_id: - description: >- - The ID of the agent policy the Elastic Agent will be - enrolled in. + description: The ID of the agent policy the Elastic Agent will be enrolled in. type: string required: - id diff --git a/oas_docs/output/kibana.yaml b/oas_docs/output/kibana.yaml index 8a3d4d3634b8d..50fd92fdc8a9c 100644 --- a/oas_docs/output/kibana.yaml +++ b/oas_docs/output/kibana.yaml @@ -19477,14 +19477,10 @@ paths: type: object properties: active: - description: >- - When false, the enrollment API key is revoked and - cannot be used for enrolling Elastic Agents. + description: When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents. type: boolean api_key: - description: >- - The enrollment API key (token) used for enrolling - Elastic Agents. + description: The enrollment API key (token) used for enrolling Elastic Agents. type: string api_key_id: description: The ID of the API key in the Security API. @@ -19497,9 +19493,7 @@ paths: description: The name of the enrollment API key. type: string policy_id: - description: >- - The ID of the agent policy the Elastic Agent will be - enrolled in. + description: The ID of the agent policy the Elastic Agent will be enrolled in. type: string required: - id From d2ce9296154608d22a29fef21230774e79b68976 Mon Sep 17 00:00:00 2001 From: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Date: Thu, 14 Nov 2024 18:17:50 +0000 Subject: [PATCH 4/4] [CI] Auto-commit changed files from 'make api-docs' --- oas_docs/output/kibana.serverless.yaml | 78 +++++---------------- oas_docs/output/kibana.yaml | 96 ++++++-------------------- 2 files changed, 40 insertions(+), 134 deletions(-) diff --git a/oas_docs/output/kibana.serverless.yaml b/oas_docs/output/kibana.serverless.yaml index 117e52586c5ad..4f54e401b14c2 100644 --- a/oas_docs/output/kibana.serverless.yaml +++ b/oas_docs/output/kibana.serverless.yaml @@ -1018,24 +1018,17 @@ paths: - last_execution_date flapping: additionalProperties: false - description: >- - When flapping detection is turned on, alerts that switch - quickly between active and recovered states are identified - as “flapping” and notifications are reduced. + description: When flapping detection is turned on, alerts that switch quickly between active and recovered states are identified as “flapping” and notifications are reduced. nullable: true type: object properties: look_back_window: - description: >- - The minimum number of runs in which the threshold must - be met. + description: The minimum number of runs in which the threshold must be met. maximum: 20 minimum: 2 type: number status_change_threshold: - description: >- - The minimum number of times an alert must switch - states in the look back window. + description: The minimum number of times an alert must switch states in the look back window. maximum: 20 minimum: 2 type: number @@ -1610,24 +1603,17 @@ paths: type: boolean flapping: additionalProperties: false - description: >- - When flapping detection is turned on, alerts that switch - quickly between active and recovered states are identified - as “flapping” and notifications are reduced. + description: When flapping detection is turned on, alerts that switch quickly between active and recovered states are identified as “flapping” and notifications are reduced. nullable: true type: object properties: look_back_window: - description: >- - The minimum number of runs in which the threshold must - be met. + description: The minimum number of runs in which the threshold must be met. maximum: 20 minimum: 2 type: number status_change_threshold: - description: >- - The minimum number of times an alert must switch states - in the look back window. + description: The minimum number of times an alert must switch states in the look back window. maximum: 20 minimum: 2 type: number @@ -1945,24 +1931,17 @@ paths: - last_execution_date flapping: additionalProperties: false - description: >- - When flapping detection is turned on, alerts that switch - quickly between active and recovered states are identified - as “flapping” and notifications are reduced. + description: When flapping detection is turned on, alerts that switch quickly between active and recovered states are identified as “flapping” and notifications are reduced. nullable: true type: object properties: look_back_window: - description: >- - The minimum number of runs in which the threshold must - be met. + description: The minimum number of runs in which the threshold must be met. maximum: 20 minimum: 2 type: number status_change_threshold: - description: >- - The minimum number of times an alert must switch - states in the look back window. + description: The minimum number of times an alert must switch states in the look back window. maximum: 20 minimum: 2 type: number @@ -2540,24 +2519,17 @@ paths: - active flapping: additionalProperties: false - description: >- - When flapping detection is turned on, alerts that switch - quickly between active and recovered states are identified - as “flapping” and notifications are reduced. + description: When flapping detection is turned on, alerts that switch quickly between active and recovered states are identified as “flapping” and notifications are reduced. nullable: true type: object properties: look_back_window: - description: >- - The minimum number of runs in which the threshold must - be met. + description: The minimum number of runs in which the threshold must be met. maximum: 20 minimum: 2 type: number status_change_threshold: - description: >- - The minimum number of times an alert must switch states - in the look back window. + description: The minimum number of times an alert must switch states in the look back window. maximum: 20 minimum: 2 type: number @@ -2847,24 +2819,17 @@ paths: - last_execution_date flapping: additionalProperties: false - description: >- - When flapping detection is turned on, alerts that switch - quickly between active and recovered states are identified - as “flapping” and notifications are reduced. + description: When flapping detection is turned on, alerts that switch quickly between active and recovered states are identified as “flapping” and notifications are reduced. nullable: true type: object properties: look_back_window: - description: >- - The minimum number of runs in which the threshold must - be met. + description: The minimum number of runs in which the threshold must be met. maximum: 20 minimum: 2 type: number status_change_threshold: - description: >- - The minimum number of times an alert must switch - states in the look back window. + description: The minimum number of times an alert must switch states in the look back window. maximum: 20 minimum: 2 type: number @@ -3902,24 +3867,17 @@ paths: - last_execution_date flapping: additionalProperties: false - description: >- - When flapping detection is turned on, alerts that switch - quickly between active and recovered states are identified - as “flapping” and notifications are reduced. + description: When flapping detection is turned on, alerts that switch quickly between active and recovered states are identified as “flapping” and notifications are reduced. nullable: true type: object properties: look_back_window: - description: >- - The minimum number of runs in which the threshold must - be met. + description: The minimum number of runs in which the threshold must be met. maximum: 20 minimum: 2 type: number status_change_threshold: - description: >- - The minimum number of times an alert must switch - states in the look back window. + description: The minimum number of times an alert must switch states in the look back window. maximum: 20 minimum: 2 type: number diff --git a/oas_docs/output/kibana.yaml b/oas_docs/output/kibana.yaml index ceefaa13fcd4b..cb7d39cae0cab 100644 --- a/oas_docs/output/kibana.yaml +++ b/oas_docs/output/kibana.yaml @@ -1367,24 +1367,17 @@ paths: - last_execution_date flapping: additionalProperties: false - description: >- - When flapping detection is turned on, alerts that switch - quickly between active and recovered states are identified - as “flapping” and notifications are reduced. + description: When flapping detection is turned on, alerts that switch quickly between active and recovered states are identified as “flapping” and notifications are reduced. nullable: true type: object properties: look_back_window: - description: >- - The minimum number of runs in which the threshold must - be met. + description: The minimum number of runs in which the threshold must be met. maximum: 20 minimum: 2 type: number status_change_threshold: - description: >- - The minimum number of times an alert must switch - states in the look back window. + description: The minimum number of times an alert must switch states in the look back window. maximum: 20 minimum: 2 type: number @@ -1958,24 +1951,17 @@ paths: type: boolean flapping: additionalProperties: false - description: >- - When flapping detection is turned on, alerts that switch - quickly between active and recovered states are identified - as “flapping” and notifications are reduced. + description: When flapping detection is turned on, alerts that switch quickly between active and recovered states are identified as “flapping” and notifications are reduced. nullable: true type: object properties: look_back_window: - description: >- - The minimum number of runs in which the threshold must - be met. + description: The minimum number of runs in which the threshold must be met. maximum: 20 minimum: 2 type: number status_change_threshold: - description: >- - The minimum number of times an alert must switch states - in the look back window. + description: The minimum number of times an alert must switch states in the look back window. maximum: 20 minimum: 2 type: number @@ -2293,24 +2279,17 @@ paths: - last_execution_date flapping: additionalProperties: false - description: >- - When flapping detection is turned on, alerts that switch - quickly between active and recovered states are identified - as “flapping” and notifications are reduced. + description: When flapping detection is turned on, alerts that switch quickly between active and recovered states are identified as “flapping” and notifications are reduced. nullable: true type: object properties: look_back_window: - description: >- - The minimum number of runs in which the threshold must - be met. + description: The minimum number of runs in which the threshold must be met. maximum: 20 minimum: 2 type: number status_change_threshold: - description: >- - The minimum number of times an alert must switch - states in the look back window. + description: The minimum number of times an alert must switch states in the look back window. maximum: 20 minimum: 2 type: number @@ -2887,24 +2866,17 @@ paths: - active flapping: additionalProperties: false - description: >- - When flapping detection is turned on, alerts that switch - quickly between active and recovered states are identified - as “flapping” and notifications are reduced. + description: When flapping detection is turned on, alerts that switch quickly between active and recovered states are identified as “flapping” and notifications are reduced. nullable: true type: object properties: look_back_window: - description: >- - The minimum number of runs in which the threshold must - be met. + description: The minimum number of runs in which the threshold must be met. maximum: 20 minimum: 2 type: number status_change_threshold: - description: >- - The minimum number of times an alert must switch states - in the look back window. + description: The minimum number of times an alert must switch states in the look back window. maximum: 20 minimum: 2 type: number @@ -3194,24 +3166,17 @@ paths: - last_execution_date flapping: additionalProperties: false - description: >- - When flapping detection is turned on, alerts that switch - quickly between active and recovered states are identified - as “flapping” and notifications are reduced. + description: When flapping detection is turned on, alerts that switch quickly between active and recovered states are identified as “flapping” and notifications are reduced. nullable: true type: object properties: look_back_window: - description: >- - The minimum number of runs in which the threshold must - be met. + description: The minimum number of runs in which the threshold must be met. maximum: 20 minimum: 2 type: number status_change_threshold: - description: >- - The minimum number of times an alert must switch - states in the look back window. + description: The minimum number of times an alert must switch states in the look back window. maximum: 20 minimum: 2 type: number @@ -4241,24 +4206,17 @@ paths: - last_execution_date flapping: additionalProperties: false - description: >- - When flapping detection is turned on, alerts that switch - quickly between active and recovered states are identified - as “flapping” and notifications are reduced. + description: When flapping detection is turned on, alerts that switch quickly between active and recovered states are identified as “flapping” and notifications are reduced. nullable: true type: object properties: look_back_window: - description: >- - The minimum number of runs in which the threshold must - be met. + description: The minimum number of runs in which the threshold must be met. maximum: 20 minimum: 2 type: number status_change_threshold: - description: >- - The minimum number of times an alert must switch - states in the look back window. + description: The minimum number of times an alert must switch states in the look back window. maximum: 20 minimum: 2 type: number @@ -6708,14 +6666,9 @@ paths: - cases /api/cases/{caseId}/files: post: - description: > - Attach a file to a case. You must have `all` privileges for the - **Cases** feature in the **Management**, **Observability**, or - **Security** section of the Kibana feature privileges, depending on the - owner of the case you're updating. The request must include: - + description: | + Attach a file to a case. You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're updating. The request must include: - The `Content-Type: multipart/form-data` HTTP header. - - The location of the file that is being uploaded. operationId: addCaseFileDefaultSpace parameters: @@ -43715,9 +43668,7 @@ components: - $ref: '#/components/schemas/Cases_add_user_comment_request_properties' title: Add case comment request Cases_add_case_file_request: - description: >- - Defines the file that will be attached to the case. Optional parameters - will be generated automatically from the file metadata if not defined. + description: Defines the file that will be attached to the case. Optional parameters will be generated automatically from the file metadata if not defined. type: object properties: file: @@ -43725,10 +43676,7 @@ components: format: binary type: string filename: - description: >- - The desired name of the file being attached to the case, it can be - different than the name of the file in the filesystem. **This should - not include the file extension.** + description: The desired name of the file being attached to the case, it can be different than the name of the file in the filesystem. **This should not include the file extension.** type: string required: - file