[RAC] [RBAC] add space ids array to each alert document #105173
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dhurley14
force-pushed
the
spaceids_alerts_authz
branch
from
ab2f789
to
43cdac3
Compare
dhurley14
added
Feature:RAC
dhurley14
commented
Jul 14, 2021
dhurley14
added
the
auto-backport
xcrzx
reviewed
Jul 15, 2021
… of this could go in the authorization class but I don't think we have access to the spaceids when we generate the kibana security action strings?
…pdates jest tests, adds integration tests
…e_ids to kibana.space_ids
dhurley14
force-pushed
the
spaceids_alerts_authz
branch
from
0aeb067
to
58be86e
Compare
…na.space_ids in rule registry integration tests and apm integration tests
xcrzx
approved these changes
Jul 16, 2021
Comment on lines
+263
to
+265
| // not sure why typescript needs the non-null assertion here | ||
| // we already assert the value is not undefined with the ternary | ||
| // still getting an error with the ternary.. strange. |
There was a problem hiding this comment.
This is a Typescript limitation. It is not smart enough to narrow down the type of a computed property inside if-else:
const obj: { prop?: string } = {}
if (obj.prop) {
obj.prop.toLowerCase() // <- guard works, no type error
}
const prop: 'prop' = 'prop'
if (obj[prop]) {
obj[prop].toLowerCase() // <- guard doesn't work, object is possibly 'undefined' error
}
ymao1
reviewed
Jul 16, 2021
x-pack/plugins/rule_registry/docs/alerts_client/classes/alertsclient.md
Outdated
Show resolved
Hide resolved
ymao1
reviewed
Jul 16, 2021
💚 Build SucceededMetrics [docs]Public APIs missing comments
Async chunks
Page load bundle
History
To update your PR or re-run it, just comment with: cc @dhurley14 |
💔 Backport failed
To backport manually run: |
Comment on lines
+267
to
+270
| event[SPACE_IDS] = | ||
| event[SPACE_IDS] == null | ||
| ? [spaceId] | ||
| : [spaceId, ...event[SPACE_IDS]!.filter((sid) => sid !== spaceId)]; |
There was a problem hiding this comment.
It looks like we're only adding space IDs for lifecycle alerts. Is there something preventing us from injecting the space ID inside the RuleDataClient bulk method so that persistence rule types and any future rule types will also automatically inject the space ID?
There was a problem hiding this comment.
This is true we could push down the space id from the plugins into the rule data client, which would then be accessible via the bulk method. I'll take a look at this.
There was a problem hiding this comment.
We would end up iterating over the data passed into bulk twice rather than once (like in the executor definitions), so not that optimal.
dhurley14
added a commit
to dhurley14/kibana
that referenced
this pull request
Jul 16, 2021
* kind of working solution... need to fix types.. would be great if all of this could go in the authorization class but I don't think we have access to the spaceids when we generate the kibana security action strings? * update mapping type as array:true for space_ids field, fixes types, updates jest tests, adds integration tests * undo changes in alerting authz class * update snapshot for apm api integration test for rules writing alerts * fix apm integration tests * omit version and sequence from expected outcome * re-add space id after this code was moved in master * add another default space id to test * fixes bug to remove duplicate spaceids * add space ids filter to elasticsearch query, updates detection role * update snapshot * update type docs for alerts client * remove dead code * fix type error * renames space ids field on alert documents from kibana.rac.alert.space_ids to kibana.space_ids * fixes kb-rule-data-utils package * update snapshots * remove references to kibana.rac.alert.space_ids and replace with kibana.space_ids in rule registry integration tests and apm integration tests * fix apm functional test snapshots * undo index name changes I made in apm integration test configs * update typedocs references to upstream, not local repo # Conflicts: # x-pack/test/rule_registry/security_and_spaces/tests/trial/update_alert.ts
dhurley14
added a commit
that referenced
this pull request
Jul 16, 2021
…06023) * kind of working solution... need to fix types.. would be great if all of this could go in the authorization class but I don't think we have access to the spaceids when we generate the kibana security action strings? * update mapping type as array:true for space_ids field, fixes types, updates jest tests, adds integration tests * undo changes in alerting authz class * update snapshot for apm api integration test for rules writing alerts * fix apm integration tests * omit version and sequence from expected outcome * re-add space id after this code was moved in master * add another default space id to test * fixes bug to remove duplicate spaceids * add space ids filter to elasticsearch query, updates detection role * update snapshot * update type docs for alerts client * remove dead code * fix type error * renames space ids field on alert documents from kibana.rac.alert.space_ids to kibana.space_ids * fixes kb-rule-data-utils package * update snapshots * remove references to kibana.rac.alert.space_ids and replace with kibana.space_ids in rule registry integration tests and apm integration tests * fix apm functional test snapshots * undo index name changes I made in apm integration test configs * update typedocs references to upstream, not local repo # Conflicts: # x-pack/test/rule_registry/security_and_spaces/tests/trial/update_alert.ts
KOTungseth
added
the
Team: SecuritySolution
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Since we cannot provide the space id during the generation of the security URI's in the feature privilege builder step (in plugin setup phase) we must filter them out during the fetch of the alert.
Checklist
Delete any items that are not applicable to this PR.
For maintainers