Update actions plugin.

elastic · Apr 8, 2021 · 0b46dd4 · 0b46dd4
1 parent 2ae4fb3
commit 0b46dd4
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 24 deletions.
diff --git a/x-pack/plugins/actions/server/actions_client.ts b/x-pack/plugins/actions/server/actions_client.ts
@@ -18,7 +18,7 @@ import {
   KibanaRequest,
   SavedObjectsUtils,
 } from '../../../../src/core/server';
-import { AuditLogger, EventOutcome } from '../../security/server';
+import { AuditLogger } from '../../security/server';
 import { ActionType } from '../common';
 import { ActionTypeRegistry } from './action_type_registry';
 import { validateConfig, validateSecrets, ActionExecutorContract } from './lib';
@@ -146,7 +146,7 @@ export class ActionsClient {
       connectorAuditEvent({
         action: ConnectorAuditAction.CREATE,
         savedObject: { type: 'action', id },
-        outcome: EventOutcome.UNKNOWN,
+        outcome: 'unknown',
       })
     );
 
@@ -218,7 +218,7 @@ export class ActionsClient {
       connectorAuditEvent({
         action: ConnectorAuditAction.UPDATE,
         savedObject: { type: 'action', id },
-        outcome: EventOutcome.UNKNOWN,
+        outcome: 'unknown',
       })
     );
 
@@ -452,7 +452,7 @@ export class ActionsClient {
     this.auditLogger?.log(
       connectorAuditEvent({
         action: ConnectorAuditAction.DELETE,
-        outcome: EventOutcome.UNKNOWN,
+        outcome: 'unknown',
         savedObject: { type: 'action', id },
       })
     );

diff --git a/x-pack/plugins/actions/server/lib/audit_events.test.ts b/x-pack/plugins/actions/server/lib/audit_events.test.ts
@@ -5,25 +5,28 @@
  * 2.0.
  */
 
-import { EventOutcome } from '../../../security/server/audit';
 import { ConnectorAuditAction, connectorAuditEvent } from './audit_events';
 
 describe('#connectorAuditEvent', () => {
   test('creates event with `unknown` outcome', () => {
     expect(
       connectorAuditEvent({
         action: ConnectorAuditAction.CREATE,
-        outcome: EventOutcome.UNKNOWN,
+        outcome: 'unknown',
         savedObject: { type: 'action', id: 'ACTION_ID' },
       })
     ).toMatchInlineSnapshot(`
       Object {
         "error": undefined,
         "event": Object {
           "action": "connector_create",
-          "category": "database",
+          "category": Array [
+            "database",
+          ],
           "outcome": "unknown",
-          "type": "creation",
+          "type": Array [
+            "creation",
+          ],
         },
         "kibana": Object {
           "saved_object": Object {
@@ -47,9 +50,13 @@ describe('#connectorAuditEvent', () => {
         "error": undefined,
         "event": Object {
           "action": "connector_create",
-          "category": "database",
+          "category": Array [
+            "database",
+          ],
           "outcome": "success",
-          "type": "creation",
+          "type": Array [
+            "creation",
+          ],
         },
         "kibana": Object {
           "saved_object": Object {
@@ -77,9 +84,13 @@ describe('#connectorAuditEvent', () => {
         },
         "event": Object {
           "action": "connector_create",
-          "category": "database",
+          "category": Array [
+            "database",
+          ],
           "outcome": "failure",
-          "type": "creation",
+          "type": Array [
+            "creation",
+          ],
         },
         "kibana": Object {
           "saved_object": Object {

diff --git a/x-pack/plugins/actions/server/lib/audit_events.ts b/x-pack/plugins/actions/server/lib/audit_events.ts
@@ -5,7 +5,8 @@
  * 2.0.
  */
 
-import { AuditEvent, EventOutcome, EventCategory, EventType } from '../../../security/server';
+import type { EcsEventOutcome, EcsEventType } from 'src/core/server';
+import { AuditEvent } from '../../../security/server';
 
 export enum ConnectorAuditAction {
   CREATE = 'connector_create',
@@ -27,18 +28,18 @@ const eventVerbs: Record<ConnectorAuditAction, VerbsTuple> = {
   connector_execute: ['execute', 'executing', 'executed'],
 };
 
-const eventTypes: Record<ConnectorAuditAction, EventType | undefined> = {
-  connector_create: EventType.CREATION,
-  connector_get: EventType.ACCESS,
-  connector_update: EventType.CHANGE,
-  connector_delete: EventType.DELETION,
-  connector_find: EventType.ACCESS,
+const eventTypes: Record<ConnectorAuditAction, EcsEventType | undefined> = {
+  connector_create: 'creation',
+  connector_get: 'access',
+  connector_update: 'change',
+  connector_delete: 'deletion',
+  connector_find: 'access',
   connector_execute: undefined,
 };
 
 export interface ConnectorAuditEventParams {
   action: ConnectorAuditAction;
-  outcome?: EventOutcome;
+  outcome?: EcsEventOutcome;
   savedObject?: NonNullable<AuditEvent['kibana']>['saved_object'];
   error?: Error;
 }
@@ -53,7 +54,7 @@ export function connectorAuditEvent({
   const [present, progressive, past] = eventVerbs[action];
   const message = error
     ? `Failed attempt to ${present} ${doc}`
-    : outcome === EventOutcome.UNKNOWN
+    : outcome === 'unknown'
     ? `User is ${progressive} ${doc}`
     : `User has ${past} ${doc}`;
   const type = eventTypes[action];
@@ -62,9 +63,9 @@ export function connectorAuditEvent({
     message,
     event: {
       action,
-      category: EventCategory.DATABASE,
-      type,
-      outcome: outcome ?? (error ? EventOutcome.FAILURE : EventOutcome.SUCCESS),
+      category: ['database'],
+      type: type ? [type] : undefined,
+      outcome: outcome ?? (error ? 'failure' : 'success'),
     },
     kibana: {
       saved_object: savedObject,