[RAC][RBAC] - add alert document versioning (elastic#17)
Addresses remaining PR comments. Adds version control to alerts doc update route. Updates tests.
yctercero committed Jul 5, 2021
1 parent b009f96 commit 142e7e5
Showing 32 changed files with 316 additions and 118 deletions.
3 changes: 3 additions & 0 deletions packages/kbn-rule-data-utils/src/technical_field_names.ts
Expand Up @@ -30,6 +30,7 @@ const ALERT_SEVERITY_VALUE = `${ALERT_NAMESPACE}.severity.value` as const;
const ALERT_STATUS = `${ALERT_NAMESPACE}.status` as const;
const ALERT_EVALUATION_THRESHOLD = `${ALERT_NAMESPACE}.evaluation.threshold` as const;
const ALERT_EVALUATION_VALUE = `${ALERT_NAMESPACE}.evaluation.value` as const;
const VERSION = '_version' as const;

const fields = {
TIMESTAMP,
Expand All @@ -52,6 +53,7 @@ const fields = {
ALERT_STATUS,
ALERT_EVALUATION_THRESHOLD,
ALERT_EVALUATION_VALUE,
VERSION,
};

export {
Expand All @@ -75,6 +77,7 @@ export {
ALERT_STATUS,
ALERT_EVALUATION_THRESHOLD,
ALERT_EVALUATION_VALUE,
VERSION,
};

export type TechnicalRuleDataFieldName = ValuesType<typeof fields>;
@@ -1,8 +1,9 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
* 2.0 and the Server Side Public License, v 1; you may not use this file except
* in compliance with, at your election, the Elastic License 2.0 or the Server
* Side Public License, v 1.
*/

// Similar to the src/core/server/saved_objects/version/decode_version.ts
@@ -1,8 +1,9 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
* 2.0 and the Server Side Public License, v 1; you may not use this file except
* in compliance with, at your election, the Elastic License 2.0 or the Server
* Side Public License, v 1.
*/

/**
2 changes: 2 additions & 0 deletions packages/kbn-securitysolution-es-utils/src/index.ts
Expand Up @@ -8,10 +8,12 @@

export * from './bad_request_error';
export * from './create_boostrap_index';
export * from './decode_version';
export * from './delete_all_index';
export * from './delete_policy';
export * from './delete_template';
export * from './elasticsearch_client';
export * from './encode_hit_version';
export * from './get_index_aliases';
export * from './get_index_count';
export * from './get_index_exists';
4 changes: 2 additions & 2 deletions src/core/server/ui_settings/routes/delete.ts
Expand Up @@ -34,10 +34,10 @@ export function registerDeleteRoute(router: IRouter) {
});
} catch (error) {
if (SavedObjectsErrorHelpers.isSavedObjectsClientError(error)) {
return response.customError({
return {
body: error,
statusCode: error.output.statusCode,
});
};
}

if (error instanceof CannotOverrideError) {
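Review bot: The paired lines `return response.customError({` / `return {` in the saved-objects error branch are not marked old or new on this page; if the bare `return { body: error, statusCode: error.output.statusCode };` is the new side, the handler no longer builds its reply through the response factory, and the client error may not reach the caller as an HTTP error with the intended status. On either side `body: error` passes the whole error object to the client; if these errors carry a Boom-style `output.payload`, returning only `error.output.payload.message` would expose less. This file is unrelated to alert versioning, so it is worth confirming the change is intentional rather than a rebase artifact. The route handler starts and ends outside the hunk.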
Expand Up @@ -15,9 +15,9 @@ import {
SerializerOrUndefined,
Type,
} from '@kbn/securitysolution-io-ts-list-types';
import { encodeHitVersion } from '@kbn/securitysolution-es-utils';

import { transformListItemToElasticQuery } from '../utils';
import { encodeHitVersion } from '../utils/encode_hit_version';
import { IndexEsListItemSchema } from '../../schemas/elastic_query';

export interface CreateListItemOptions {
Expand Up @@ -12,10 +12,9 @@ import type {
MetaOrUndefined,
_VersionOrUndefined,
} from '@kbn/securitysolution-io-ts-list-types';
import { decodeVersion, encodeHitVersion } from '@kbn/securitysolution-es-utils';

import { transformListItemToElasticQuery } from '../utils';
import { decodeVersion } from '../utils/decode_version';
import { encodeHitVersion } from '../utils/encode_hit_version';
import { UpdateEsListItemSchema } from '../../schemas/elastic_query';

import { getListItem } from './get_list_item';
2 changes: 1 addition & 1 deletion x-pack/plugins/lists/server/services/lists/create_list.ts
Expand Up @@ -19,8 +19,8 @@ import type {
Type,
} from '@kbn/securitysolution-io-ts-list-types';
import type { Version } from '@kbn/securitysolution-io-ts-types';
import { encodeHitVersion } from '@kbn/securitysolution-es-utils';

import { encodeHitVersion } from '../utils/encode_hit_version';
import { IndexEsListSchema } from '../../schemas/elastic_query';

export interface CreateListOptions {
3 changes: 1 addition & 2 deletions x-pack/plugins/lists/server/services/lists/update_list.ts
Expand Up @@ -15,9 +15,8 @@ import type {
_VersionOrUndefined,
} from '@kbn/securitysolution-io-ts-list-types';
import { VersionOrUndefined } from '@kbn/securitysolution-io-ts-types';
import { decodeVersion, encodeHitVersion } from '@kbn/securitysolution-es-utils';

import { decodeVersion } from '../utils/decode_version';
import { encodeHitVersion } from '../utils/encode_hit_version';
import { UpdateEsListSchema } from '../../schemas/elastic_query';

import { getList } from '.';
2 changes: 0 additions & 2 deletions x-pack/plugins/lists/server/services/utils/index.ts
Expand Up @@ -6,9 +6,7 @@
*/

export * from './calculate_scroll_math';
export * from './decode_version';
export * from './encode_decode_cursor';
export * from './encode_hit_version';
export * from './escape_query';
export * from './find_source_type';
export * from './find_source_value';
Expand Up @@ -7,11 +7,10 @@

import type { estypes } from '@elastic/elasticsearch';
import type { ListArraySchema } from '@kbn/securitysolution-io-ts-list-types';
import { encodeHitVersion } from '@kbn/securitysolution-es-utils';

import { SearchEsListSchema } from '../../schemas/elastic_response';

import { encodeHitVersion } from './encode_hit_version';

export interface TransformElasticToListOptions {
response: estypes.SearchResponse<SearchEsListSchema>;
}
Expand Up @@ -7,11 +7,11 @@

import type { estypes } from '@elastic/elasticsearch';
import type { ListItemArraySchema, Type } from '@kbn/securitysolution-io-ts-list-types';
import { encodeHitVersion } from '@kbn/securitysolution-es-utils';

import { ErrorWithStatusCode } from '../../error_with_status_code';
import { SearchEsListItemSchema } from '../../schemas/elastic_response';

import { encodeHitVersion } from './encode_hit_version';
import { findSourceValue } from './find_source_value';

export interface TransformElasticToListItemOptions {
Expand Up @@ -26,6 +26,7 @@ import {
RULE_UUID,
TAGS,
TIMESTAMP,
VERSION,
} from '../../../common/technical_rule_data_field_names';
import { ecsFieldMap } from './ecs_field_map';

Expand All @@ -41,6 +42,7 @@ export const technicalRuleFieldMap = {
RULE_CATEGORY,
TAGS
),
[VERSION]: { type: 'number' },
[OWNER]: { type: 'keyword' },
[PRODUCER]: { type: 'keyword' },
[ALERT_UUID]: { type: 'keyword' },
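Review bot: `[VERSION]: { type: 'number' }` declares `_version` as a number, but the alerts client in this commit returns `_version` as the base64 string produced by `encodeHitVersion` (the test snapshot shows `"WzM2MiwyXQ=="`), so the declared type and the value callers receive disagree. The name also coincides with Elasticsearch's own `_version` hit metadata, which may not be accepted as a mapped document field; that should be confirmed against the generated index template. If the entry exists only so the derived TypeScript type carries the field, a comment such as `// API-only: encoded seq_no/primary_term returned to clients, not a stored field` would make that explicit. The field map object starts and ends outside the hunk.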
2 changes: 1 addition & 1 deletion x-pack/plugins/rule_registry/common/constants.ts
Expand Up @@ -5,4 +5,4 @@
* 2.0.
*/

export const BASE_RAC_ALERTS_API_PATH = '/api/rac/alerts';
export const BASE_RAC_ALERTS_API_PATH = '/internal/rac/alerts';
Expand Up @@ -5,6 +5,7 @@
* 2.0.
*/
import { PublicMethodsOf } from '@kbn/utility-types';
import { decodeVersion, encodeHitVersion } from '@kbn/securitysolution-es-utils';
import { AlertTypeParams } from '../../../alerting/server';
import {
ReadOperations,
Expand Down Expand Up @@ -35,9 +36,8 @@ export interface ConstructorOptions {

export interface UpdateOptions<Params extends AlertTypeParams> {
id: string;
data: {
status: string;
};
status: string;
_version: string | undefined;
index: string;
}

Expand Down Expand Up @@ -82,7 +82,9 @@ export class AlertsClient {
// result in a big performance hit. If the client already knows which index the alert
// belongs to, passing in the index will speed things up
index: index ?? '.alerts-*',
ignore_unavailable: true,
body: { query: { term: { _id: id } } },
seq_no_primary_term: true,
});

if (!isValidAlert(result.body.hits.hits[0]._source)) {
Expand All @@ -91,7 +93,10 @@ export class AlertsClient {
throw new Error(errorMessage);
}

return result.body.hits.hits[0]._source;
return {
...result.body.hits.hits[0]._source,
_version: encodeHitVersion(result.body.hits.hits[0]),
};
} catch (error) {
const errorMessage = `Unable to retrieve alert with id of "${id}".`;
this.logger.debug(errorMessage);
Expand Down Expand Up @@ -139,7 +144,8 @@ export class AlertsClient {

public async update<Params extends AlertTypeParams = never>({
id,
data,
status,
_version,
index,
}: UpdateOptions<Params>) {
try {
Expand All @@ -155,19 +161,17 @@ export class AlertsClient {
entity: AlertingAuthorizationEntity.Alert,
});

const updateParameters = {
const { body: response } = await this.esClient.update<ParsedTechnicalFields>({
...decodeVersion(_version),
id,
index,
body: {
doc: {
[ALERT_STATUS]: data.status,
[ALERT_STATUS]: status,
},
},
};

const res = await this.esClient.update<ParsedTechnicalFields, unknown, unknown, unknown>(
updateParameters
);
refresh: 'wait_for',
});

this.auditLogger?.log(
alertAuditEvent({
Expand All @@ -176,7 +180,10 @@ export class AlertsClient {
})
);

return res.body;
return {
...response,
_version: encodeHitVersion(response),
};
} catch (error) {
this.auditLogger?.log(
alertAuditEvent({
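Review bot: In `update()`, `...decodeVersion(_version)` is spread into the request while `UpdateOptions` types `_version` as `string | undefined`, so a caller that omits it appears to get an unconditional, last-write-wins change of `ALERT_STATUS`; `decodeVersion` is not shown here, so whether a malformed value also falls back silently should be checked. For alert status transitions that leaves the concurrency check opt-in for the client; consider requiring the version on this route, or at least documenting the fallback with `// no _version => no if_seq_no/if_primary_term; concurrent status changes are not detected`. Separately, `get()` reads `result.body.hits.hits[0]._source` without checking for an empty hit list, which `ignore_unavailable: true` makes reachable for a missing index; an explicit empty-result check before the `isValidAlert` call would fail more clearly than a TypeError. Both methods extend beyond the visible hunks.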
Expand Up @@ -52,6 +52,9 @@ describe('get()', () => {
_type: 'alert',
_index: '.alerts-observability-apm',
_id: 'NoxgpHkBqbdrfX07MqXV',
_version: 1,
_seq_no: 362,
_primary_term: 2,
_source: {
'rule.id': 'apm.error_rate',
message: 'hello world 1',
Expand All @@ -67,6 +70,7 @@ describe('get()', () => {
const result = await alertsClient.get({ id: '1', index: '.alerts-observability-apm' });
expect(result).toMatchInlineSnapshot(`
Object {
"_version": "WzM2MiwyXQ==",
"kibana.rac.alert.owner": "apm",
"kibana.rac.alert.status": "open",
"message": "hello world 1",
Expand All @@ -84,7 +88,9 @@ describe('get()', () => {
},
},
},
"ignore_unavailable": true,
"index": ".alerts-observability-apm",
"seq_no_primary_term": true,
},
]
`);
Expand Down Expand Up @@ -112,6 +118,9 @@ describe('get()', () => {
_type: 'alert',
_index: '.alerts-observability-apm',
_id: 'NoxgpHkBqbdrfX07MqXV',
_version: 1,
_seq_no: 362,
_primary_term: 2,
_source: {
'rule.id': 'apm.error_rate',
message: 'hello world 1',
Expand Down Expand Up @@ -170,6 +179,9 @@ describe('get()', () => {
_type: 'alert',
_index: '.alerts-observability-apm',
_id: 'NoxgpHkBqbdrfX07MqXV',
_version: 1,
_seq_no: 362,
_primary_term: 2,
_source: {
'rule.id': 'apm.error_rate',
message: 'hello world 1',
Expand All @@ -196,6 +208,7 @@ describe('get()', () => {
});
expect(result).toMatchInlineSnapshot(`
Object {
"_version": "WzM2MiwyXQ==",
"kibana.rac.alert.owner": "apm",
"kibana.rac.alert.status": "open",
"message": "hello world 1",