-
Notifications
You must be signed in to change notification settings - Fork 8.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[ReaponseOps] Add name property to audit logs SO #193323
[ReaponseOps] Add name property to audit logs SO #193323
Conversation
8d0d50c
to
5138ba4
Compare
Pinging @elastic/response-ops (Team:ResponseOps) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great work! LTGM!
@@ -382,8 +384,8 @@ describe('scheduleBackfill()', () => { | |||
outcome: 'success', | |||
type: ['access'], | |||
}, | |||
kibana: { saved_object: { id: '1', type: RULE_SAVED_OBJECT_TYPE } }, | |||
message: 'User has scheduled backfill for rule [id=1]', | |||
kibana: { saved_object: { id: '1', type: RULE_SAVED_OBJECT_TYPE, name: 'my rule name' } }, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: Should not this be fakeRuleName
?
@@ -179,6 +179,7 @@ export class AlertingAuthorization { | |||
entity, | |||
additionalPrivileges = [], | |||
}: EnsureAuthorizedOpts) { | |||
console.log('ensureAuthorized', ensureAuthorized); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do not forget to remove this 😄
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this file is not related to this PR. What about deleting it?
@@ -161,7 +161,12 @@ export function ruleAuditEvent({ | |||
outcome, | |||
error, | |||
}: RuleAuditEventParams): AuditEvent { | |||
const doc = savedObject ? `rule [id=${savedObject.id}]` : 'a rule'; | |||
const doc = savedObject | |||
? [`rule [id=${savedObject.id}]`, savedObject.name && `[name:${savedObject.name}]`] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I believe it is nice to be consistent with our formatting. In the ID we have =
but in the name :
. I would say to go with =
for the name. For example [name=${savedObject.name}]
? `${AD_HOC_RUN_SAVED_OBJECT_TYPE} [id=${savedObject.id}]` | ||
? [ | ||
`${AD_HOC_RUN_SAVED_OBJECT_TYPE} [id=${savedObject.id}]`, | ||
savedObject.name && `${savedObject.name}`, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same here: [name=${savedObject.name}]
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's for add hoc. And name is not rule name, but phrase like this:
savedObject: {
type: AD_HOC_RUN_SAVED_OBJECT_TYPE,
id,
name: `backfill for rule "${result.attributes.rule.name}"`,
},
Ying add this line before, but I decided to keep it and add to the doc. (before it was not used somehow)
…:guskovaue/kibana into MX-19823-add-name-property-audit-logs-so
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]
History
To update your PR or re-run it, just comment with: cc @guskovaue |
Issue: elastic/enhancements#19823 So the purpose of this PR is to add a rule name to each audit log in alerting API. Previously if with a rule was done some action (like create, delete, etc.), the user could see it in an audit log. But this log included only rule SO id, but not name. Users wanted to see a rule name associated with the audit log. So here I added it. The principle I follow here to accelerate development (agreed with @cnasikas): if it is easy (name easy to extract in the code the `savedObject`) to pass it. If it is not do not. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios (cherry picked from commit 45b4089)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
…3954) # Backport This will backport the following commits from `main` to `8.x`: - [[ReaponseOps] Add name property to audit logs SO (#193323)](#193323) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Julia","email":"iuliia.guskova@elastic.co"},"sourceCommit":{"committedDate":"2024-09-25T09:34:55Z","message":"[ReaponseOps] Add name property to audit logs SO (#193323)\n\nIssue: elastic/enhancements#19823 the purpose of this PR is to add a rule name to each audit log in\r\nalerting API.\r\nPreviously if with a rule was done some action (like create, delete,\r\netc.), the user could see it in an audit log. But this log included only\r\nrule SO id, but not name. Users wanted to see a rule name associated\r\nwith the audit log.\r\nSo here I added it.\r\n\r\nThe principle I follow here to accelerate development (agreed with\r\n@cnasikas): if it is easy (name easy to extract in the code the\r\n`savedObject`) to pass it. If it is not do not.\r\n\r\n### Checklist\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios","sha":"45b4089371f5b7694fde7d08b6a7aaeb70c4a56e","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:ResponseOps","v9.0.0","backport:prev-minor","v8.16.0"],"title":"[ReaponseOps] Add name property to audit logs SO","number":193323,"url":"#193323 Add name property to audit logs SO (#193323)\n\nIssue: elastic/enhancements#19823 the purpose of this PR is to add a rule name to each audit log in\r\nalerting API.\r\nPreviously if with a rule was done some action (like create, delete,\r\netc.), the user could see it in an audit log. But this log included only\r\nrule SO id, but not name. Users wanted to see a rule name associated\r\nwith the audit log.\r\nSo here I added it.\r\n\r\nThe principle I follow here to accelerate development (agreed with\r\n@cnasikas): if it is easy (name easy to extract in the code the\r\n`savedObject`) to pass it. If it is not do not.\r\n\r\n### Checklist\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios","sha":"45b4089371f5b7694fde7d08b6a7aaeb70c4a56e"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"#193323 Add name property to audit logs SO (#193323)\n\nIssue: elastic/enhancements#19823 the purpose of this PR is to add a rule name to each audit log in\r\nalerting API.\r\nPreviously if with a rule was done some action (like create, delete,\r\netc.), the user could see it in an audit log. But this log included only\r\nrule SO id, but not name. Users wanted to see a rule name associated\r\nwith the audit log.\r\nSo here I added it.\r\n\r\nThe principle I follow here to accelerate development (agreed with\r\n@cnasikas): if it is easy (name easy to extract in the code the\r\n`savedObject`) to pass it. If it is not do not.\r\n\r\n### Checklist\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios","sha":"45b4089371f5b7694fde7d08b6a7aaeb70c4a56e"}},{"branch":"8.x","label":"v8.16.0","branchLabelMappingKey":"^v8.16.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Julia <iuliia.guskova@elastic.co>
Issue: https://github.com/elastic/enhancements/issues/19823
So the purpose of this PR is to add a rule name to each audit log in alerting API.
Previously if with a rule was done some action (like create, delete, etc.), the user could see it in an audit log. But this log included only rule SO id, but not name. Users wanted to see a rule name associated with the audit log.
So here I added it.
The principle I follow here to accelerate development (agreed with @cnasikas): if it is easy (name easy to extract in the code the
savedObject
) to pass it. If it is not do not.Checklist