[Security Solution][Detections] Prevent permissions checks from being bypassed when indices do not exist #89664

Closed
wants to merge 2 commits into from

@rylnd rylnd commented Jan 29, 2021

Summary

Specifying this option meant that our field_capabilities check was
throwing an error if the rule included an index pattern that did not
exist. This would be most typical in e.g. a prepackaged rule using
the default index patterns.

While we rescued this error and continued rule execution, this had the
side effect of skipping the remaining permissions checks, both of which
would have potentially written a partial failure status to the rule.

P.S. the original motivation for this PR was removing the confusing new
error that this option caused:

[Screenshot of the error]

It was only after exploration that this side effect was discovered. For this reason I'm not sure if we should try to get this in 7.11 or ship with the existing behavior; I could see arguments either way.

@rylnd added the bug, release_note:skip, v7.12.0 and Team:Detections and Resp labels Jan 29, 2021
@rylnd rylnd requested a review from dhurley14 January 29, 2021 01:59
@rylnd rylnd self-assigned this Jan 29, 2021
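
The failure mode described in the summary above, as an added TypeScript example (not code from this PR or from Kibana): a lookup that throws inside a shared `try` is rescued, and the checks that follow it never run, so the rule reports success. The `strict` flag stands in for the option the summary refers to; all function names, the sample cluster and the per-check isolation variant (which goes beyond what the PR describes) are assumptions.

```typescript
// Added illustration: every name below is hypothetical; none of this is Kibana code.
type Status = "succeeded" | "partial failure";
interface Result { status: Status; warnings: string[]; }
interface Cluster {
  indices: { [name: string]: string[] }; // index name -> mapped fields
  readable: string[];                    // patterns the rule's user may read
}

// Constructed sample: a rule with two index patterns, only one of which exists.
const PATTERNS: string[] = ["logs-*", "auditbeat-*"];
const CLUSTER: Cluster = {
  indices: { "logs-app-1": ["message"] }, // mapped, but without "@timestamp"
  readable: ["auditbeat-*"],              // no read privilege on "logs-*"
};

// Trailing-wildcard matching only, which is all the sample needs.
function matches(pattern: string, index: string): boolean {
  const star = pattern.length - 1;
  return pattern.charAt(star) === "*"
    ? index.indexOf(pattern.slice(0, star)) === 0
    : index === pattern;
}

// Stand-in for a field-capabilities lookup. With `strict` set it throws when a
// pattern matches no index, the behaviour the summary attributes to the option.
function indicesMissingField(c: Cluster, patterns: string[], field: string, strict: boolean): string[] {
  const missing: string[] = [];
  for (const p of patterns) {
    const hit = Object.keys(c.indices).filter((i) => matches(p, i));
    if (hit.length === 0 && strict) throw new Error(`no such index [${p}]`);
    for (const i of hit) {
      const fields = c.indices[i] || [];
      if (fields.indexOf(field) === -1) missing.push(i);
    }
  }
  return missing;
}

function unreadablePatterns(c: Cluster, patterns: string[]): string[] {
  return patterns.filter((p) => c.readable.indexOf(p) === -1);
}

function toResult(warnings: string[]): Result {
  return { status: warnings.length > 0 ? "partial failure" : "succeeded", warnings };
}

// One try block around everything: a throw from the lookup is rescued, but the
// two checks after it are skipped and no warning is ever recorded.
function preflightSingleTry(c: Cluster, patterns: string[], strict: boolean): Result {
  const warnings: string[] = [];
  try {
    const noTs = indicesMissingField(c, patterns, "@timestamp", strict); // may throw
    const unreadable = unreadablePatterns(c, patterns);
    if (unreadable.length > 0) warnings.push(`missing read privileges: ${unreadable.join(", ")}`);
    if (noTs.length > 0) warnings.push(`missing @timestamp: ${noTs.join(", ")}`);
  } catch (err) {
    // Rescued so the rule keeps executing; the rule then reports success.
  }
  return toResult(warnings);
}

// Each check runs in its own try, and a check that could not run is recorded
// as a warning instead of being dropped (fail closed).
function preflightIsolated(c: Cluster, patterns: string[], strict: boolean): Result {
  const warnings: string[] = [];
  const checks: Array<() => string | null> = [
    () => {
      const u = unreadablePatterns(c, patterns);
      return u.length > 0 ? `missing read privileges: ${u.join(", ")}` : null;
    },
    () => {
      const m = indicesMissingField(c, patterns, "@timestamp", strict);
      return m.length > 0 ? `missing @timestamp: ${m.join(", ")}` : null;
    },
  ];
  for (const check of checks) {
    try {
      const w = check();
      if (w !== null) warnings.push(w);
    } catch (err) {
      warnings.push(`check could not run: ${err instanceof Error ? err.message : String(err)}`);
    }
  }
  return toResult(warnings);
}

console.log(preflightSingleTry(CLUSTER, PATTERNS, true).status,
            preflightIsolated(CLUSTER, PATTERNS, true).status);
```

Calling `preflightSingleTry` with `strict` set to `false` models the lookup no longer throwing on a missing index: both checks then run and record their warnings.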

rylnd commented Jan 29, 2021

@elasticmachine merge upstream


kibanamachine commented Jan 29, 2021

💔 Build Failed

Failed CI Steps


Test Failures

X-Pack Detection Engine API Integration Tests.x-pack/test/detection_engine_api_integration/security_and_spaces/tests/add_actions·ts.detection engine api security and spaces enabled add_actions adding actions should be able to create a new webhook action and attach it to a rule without a meta field and run it correctly

Link to Jenkins

Standard Out

Failed Tests Reporter:
  - Test has failed 1 times on tracked branches: https://dryrun

[00:00:00]       │
[00:00:00]         └-: detection engine api security and spaces enabled
[00:00:00]           └-> "before all" hook
[00:00:00]           └-: 
[00:00:00]             └-> "before all" hook
[00:00:00]             └-: add_actions
[00:00:00]               └-> "before all" hook
[00:00:00]               └-: adding actions
[00:00:00]                 └-> "before all" hook
[00:00:00]                 └-> should be able to create a new webhook action and attach it to a rule
[00:00:00]                   └-> "before each" hook: global before each
[00:00:00]                   └-> "before each" hook
[00:00:06]                   └- ✓ pass  (6.2s) "detection engine api security and spaces enabled  add_actions adding actions should be able to create a new webhook action and attach it to a rule"
[00:00:06]                 └-> "after each" hook
[00:00:06]                   │ info [o.e.c.m.MetadataDeleteIndexService] [kibana-ci-immutable-ubuntu-18-tests-xxl-1611897123696047497] [.siem-signals-default-000001/Gbkm5da0RHuIZ5yTYM_aVA] deleting index
[00:00:06]                   │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-18-tests-xxl-1611897123696047497] removing template [.siem-signals-default]
[00:00:08]                 └-> should be able to create a new webhook action and attach it to a rule without a meta field and run it correctly
[00:00:08]                   └-> "before each" hook: global before each
[00:00:08]                   └-> "before each" hook
[00:00:16]                   │ proc [kibana]   log   [05:58:35.375] [error][plugins][securitySolution] The following indices are missing the timestamp field "@timestamp": [] name: "Simple Rule Query" id: "0225f330-61f7-11eb-9bf7-7f112a49bc10" rule id: "rule-1" signals index: ".siem-signals-default"
[00:00:17]                   │ proc [kibana]   log   [05:58:36.395] [info][plugins][securitySolution] Found 0 signals for notification. name: "Simple Rule Query" id: "0225f330-61f7-11eb-9bf7-7f112a49bc10" rule id: "rule-1" signals index: ".siem-signals-default"
[00:00:17]                   │ proc [kibana]   log   [05:58:36.407] [info][eventLog][plugins] event logged: {"@timestamp":"2021-01-29T05:58:33.805Z","event":{"provider":"alerting","action":"execute","start":"2021-01-29T05:58:33.806Z","outcome":"success","end":"2021-01-29T05:58:36.405Z","duration":2599000000},"kibana":{"saved_objects":[{"rel":"primary","type":"alert","id":"0225f330-61f7-11eb-9bf7-7f112a49bc10"}],"alerting":{"status":"ok"},"server_uuid":"5b2de169-2785-441b-ae8c-186a1936b17d"},"message":"alert executed: siem.signals:0225f330-61f7-11eb-9bf7-7f112a49bc10: 'Simple Rule Query'","ecs":{"version":"1.6.0"}}
[00:00:53]                   └- ✖ fail: detection engine api security and spaces enabled  add_actions adding actions should be able to create a new webhook action and attach it to a rule without a meta field and run it correctly
[00:00:53]                   │      Error: timed out waiting for function condition to be true within waitForRuleSuccess
[00:00:53]                   │       at /dev/shm/workspace/parallel/16/kibana/x-pack/test/detection_engine_api_integration/utils.ts:729:9
[00:00:53]                   │ 
[00:00:53]                   │ 

Stack Trace

Error: timed out waiting for function condition to be true within waitForRuleSuccess
    at /dev/shm/workspace/parallel/16/kibana/x-pack/test/detection_engine_api_integration/utils.ts:729:9

X-Pack Detection Engine API Integration Tests.x-pack/test/detection_engine_api_integration/security_and_spaces/tests/add_actions·ts.detection engine api security and spaces enabled add_actions adding actions should be able to create a new webhook action and attach it to a rule without a meta field and run it correctly

Link to Jenkins

Standard Out

Failed Tests Reporter:
  - Test has not failed recently on tracked branches

[00:00:00]       │
[00:00:00]         └-: detection engine api security and spaces enabled
[00:00:00]           └-> "before all" hook
[00:00:00]           └-: 
[00:00:00]             └-> "before all" hook
[00:00:00]             └-: add_actions
[00:00:00]               └-> "before all" hook
[00:00:00]               └-: adding actions
[00:00:00]                 └-> "before all" hook
[00:00:00]                 └-> should be able to create a new webhook action and attach it to a rule
[00:00:00]                   └-> "before each" hook: global before each
[00:00:00]                   └-> "before each" hook
[00:00:06]                   └- ✓ pass  (5.7s) "detection engine api security and spaces enabled  add_actions adding actions should be able to create a new webhook action and attach it to a rule"
[00:00:06]                 └-> "after each" hook
[00:00:06]                   │ info [o.e.c.m.MetadataDeleteIndexService] [kibana-ci-immutable-ubuntu-18-tests-xxl-1611897123696047497] [.siem-signals-default-000001/agj4TwPvQA2HGpu5U1mmcQ] deleting index
[00:00:06]                   │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-18-tests-xxl-1611897123696047497] removing template [.siem-signals-default]
[00:00:08]                 └-> should be able to create a new webhook action and attach it to a rule without a meta field and run it correctly
[00:00:08]                   └-> "before each" hook: global before each
[00:00:08]                   └-> "before each" hook
[00:00:13]                   │ proc [kibana]   log   [05:54:17.655] [error][plugins][securitySolution] The following indices are missing the timestamp field "@timestamp": [] name: "Simple Rule Query" id: "6a58b6a0-61f6-11eb-9965-55794c2f8d6a" rule id: "rule-1" signals index: ".siem-signals-default"
[00:00:14]                   │ proc [kibana]   log   [05:54:18.677] [info][plugins][securitySolution] Found 0 signals for notification. name: "Simple Rule Query" id: "6a58b6a0-61f6-11eb-9965-55794c2f8d6a" rule id: "rule-1" signals index: ".siem-signals-default"
[00:00:14]                   │ proc [kibana]   log   [05:54:18.703] [info][eventLog][plugins] event logged: {"@timestamp":"2021-01-29T05:54:16.407Z","event":{"provider":"alerting","action":"execute","start":"2021-01-29T05:54:16.407Z","outcome":"success","end":"2021-01-29T05:54:18.700Z","duration":2293000000},"kibana":{"saved_objects":[{"rel":"primary","type":"alert","id":"6a58b6a0-61f6-11eb-9965-55794c2f8d6a"}],"alerting":{"status":"ok"},"server_uuid":"5b2de169-2785-441b-ae8c-186a1936b17d"},"message":"alert executed: siem.signals:6a58b6a0-61f6-11eb-9965-55794c2f8d6a: 'Simple Rule Query'","ecs":{"version":"1.6.0"}}
[00:00:56]                   └- ✖ fail: detection engine api security and spaces enabled  add_actions adding actions should be able to create a new webhook action and attach it to a rule without a meta field and run it correctly
[00:00:56]                   │      Error: timed out waiting for function condition to be true within waitForRuleSuccess
[00:00:56]                   │       at /dev/shm/workspace/parallel/16/kibana/x-pack/test/detection_engine_api_integration/utils.ts:729:9
[00:00:56]                   │ 
[00:00:56]                   │ 

Stack Trace

Error: timed out waiting for function condition to be true within waitForRuleSuccess
    at /dev/shm/workspace/parallel/16/kibana/x-pack/test/detection_engine_api_integration/utils.ts:729:9

X-Pack Detection Engine API Integration Tests.x-pack/test/detection_engine_api_integration/basic/tests/find_statuses·ts.detection engine api security and spaces enabled find_statuses should return a single rule status when a single rule is loaded from a find status with defaults added

Link to Jenkins

Standard Out

Failed Tests Reporter:
  - Test has not failed recently on tracked branches

[00:00:00]       │
[00:00:00]         └-: detection engine api security and spaces enabled
[00:00:00]           └-> "before all" hook
[00:02:34]           └-: find_statuses
[00:02:34]             └-> "before all" hook
[00:02:34]             └-> should return an empty find statuses body correctly if no statuses are loaded
[00:02:34]               └-> "before each" hook: global before each
[00:02:34]               └-> "before each" hook
[00:02:34]               └- ✓ pass  (17ms) "detection engine api security and spaces enabled find_statuses should return an empty find statuses body correctly if no statuses are loaded"
[00:02:34]             └-> "after each" hook
[00:02:34]               │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-18-tests-xxl-1611897123696047497] moving index [.siem-signals-default-000001] from [{"phase":"hot","action":"unfollow","name":"wait-for-indexing-complete"}] to [{"phase":"hot","action":"unfollow","name":"wait-for-follow-shard-tasks"}] in policy [.siem-signals-default]
[00:02:34]               │ info [o.e.c.m.MetadataDeleteIndexService] [kibana-ci-immutable-ubuntu-18-tests-xxl-1611897123696047497] [.siem-signals-default-000001/_8JAk2RMRKaDLFniyRFyMg] deleting index
[00:02:34]               │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-18-tests-xxl-1611897123696047497] removing template [.siem-signals-default]
[00:02:34]             └-> should return a single rule status when a single rule is loaded from a find status with defaults added
[00:02:34]               └-> "before each" hook: global before each
[00:02:34]               └-> "before each" hook
[00:02:40]               │ proc [kibana]   log   [06:22:52.848] [error][plugins][securitySolution] The following indices are missing the timestamp field "@timestamp": [] name: "Simple Rule Query" id: "67ce8c80-61fa-11eb-9bcf-971bce619541" rule id: "rule-1" signals index: ".siem-signals-default"
[00:02:41]               │ proc [kibana]   log   [06:22:53.870] [info][eventLog][plugins] event logged: {"@timestamp":"2021-01-29T06:22:51.186Z","event":{"provider":"alerting","action":"execute","start":"2021-01-29T06:22:51.186Z","outcome":"success","end":"2021-01-29T06:22:53.869Z","duration":2683000000},"kibana":{"saved_objects":[{"rel":"primary","type":"alert","id":"67ce8c80-61fa-11eb-9bcf-971bce619541"}],"alerting":{"status":"ok"},"server_uuid":"5b2de169-2785-441b-ae8c-186a1936b17d"},"message":"alert executed: siem.signals:67ce8c80-61fa-11eb-9bcf-971bce619541: 'Simple Rule Query'","ecs":{"version":"1.6.0"}}
[00:03:11]               └- ✖ fail: detection engine api security and spaces enabled find_statuses should return a single rule status when a single rule is loaded from a find status with defaults added
[00:03:11]               │      Error: timed out waiting for function condition to be true within waitForRuleSuccess
[00:03:11]               │       at /dev/shm/workspace/parallel/19/kibana/x-pack/test/detection_engine_api_integration/utils.ts:729:9
[00:03:11]               │ 
[00:03:11]               │ 

Stack Trace

Error: timed out waiting for function condition to be true within waitForRuleSuccess
    at /dev/shm/workspace/parallel/19/kibana/x-pack/test/detection_engine_api_integration/utils.ts:729:9

and 1 more failures, only showing the first 3.

Metrics [docs]

✅ unchanged

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream


rylnd commented Feb 10, 2021

Closing in favor of #89927

@rylnd rylnd closed this Feb 10, 2021
@rylnd rylnd deleted the fix-permissions-index-error branch February 10, 2021 20:58