ECS audit events for alerting #84113

Merged
merged 19 commits into from
Dec 4, 2020
Changes from 8 commits
Commits
51a784a
ECS audit events for alerts plugin
thomheymann Nov 16, 2020
3652cf0
added api changes
thomheymann Nov 24, 2020
ac215a0
fixed linting and testing errors
thomheymann Nov 24, 2020
7abc2b0
Merge remote-tracking branch 'origin/master' into alerting/audit-logging
thomheymann Nov 24, 2020
6c3cb47
fix test
thomheymann Nov 24, 2020
5f10ab5
Merge remote-tracking branch 'origin/master' into alerting/audit-logging
thomheymann Nov 24, 2020
4e3d1a1
Merge remote-tracking branch 'origin/master' into alerting/audit-logging
thomheymann Nov 25, 2020
337a902
Fixed linting errors after prettier update
thomheymann Nov 25, 2020
5f598d1
Revert "Allow predefined ids for encrypted saved objects (#83482)"
thomheymann Nov 25, 2020
a2dd90f
Added suggestions from code review
thomheymann Nov 27, 2020
c9082be
Merge remote-tracking branch 'origin/master' into alerting/audit-logging
thomheymann Nov 30, 2020
d11ffc2
Fixed unit tests
thomheymann Nov 30, 2020
6e473a9
Added suggestions from code review
thomheymann Nov 30, 2020
fa5215a
Merge remote-tracking branch 'origin/master' into alerting/audit-logging
thomheymann Dec 1, 2020
9014744
Changed names of alert events
thomheymann Dec 1, 2020
2873fe7
Changed naming as suggested in code review
thomheymann Dec 2, 2020
5b91bb8
Merge branch 'master' into alerting/audit-logging
kibanamachine Dec 3, 2020
459e0c4
Added suggestions from PR
thomheymann Dec 4, 2020
0ff3dfe
Merge remote-tracking branch 'origin/master' into alerting/audit-logging
thomheymann Dec 4, 2020
@@ -0,0 +1,17 @@
<!-- Do not edit this file. It is automatically generated by API Documenter. -->

[Home](./index.md) &gt; [kibana-plugin-core-server](./kibana-plugin-core-server.md) &gt; [generateSavedObjectId](./kibana-plugin-core-server.generatesavedobjectid.md)

## generateSavedObjectId() function

Generates a random id for saved objects.

<b>Signature:</b>

```typescript
export declare function generateSavedObjectId(): string;
```
<b>Returns:</b>

`string`

1 change: 1 addition & 0 deletions docs/development/core/server/kibana-plugin-core-server.md
Expand Up @@ -43,6 +43,7 @@ The plugin integrates with the core system via lifecycle events: `setup`<!-- -->
| Function | Description |
| --- | --- |
| [exportSavedObjectsToStream({ types, hasReference, objects, search, savedObjectsClient, exportSizeLimit, includeReferencesDeep, excludeExportDetails, namespace, })](./kibana-plugin-core-server.exportsavedobjectstostream.md) | Generates sorted saved object stream to be used for export. See the [options](./kibana-plugin-core-server.savedobjectsexportoptions.md) for more detailed information. |
| [generateSavedObjectId()](./kibana-plugin-core-server.generatesavedobjectid.md) | Generates a random id for saved objects. |
| [importSavedObjectsFromStream({ readStream, objectLimit, overwrite, createNewCopies, savedObjectsClient, typeRegistry, namespace, })](./kibana-plugin-core-server.importsavedobjectsfromstream.md) | Import saved objects from given stream. See the [options](./kibana-plugin-core-server.savedobjectsimportoptions.md) for more detailed information. |
| [resolveSavedObjectsImportErrors({ readStream, objectLimit, retries, savedObjectsClient, typeRegistry, namespace, createNewCopies, })](./kibana-plugin-core-server.resolvesavedobjectsimporterrors.md) | Resolve and return saved object import errors. See the [options](./kibana-plugin-core-server.savedobjectsresolveimporterrorsoptions.md) for more detailed informations. |

68 changes: 68 additions & 0 deletions docs/user/security/audit-logging.asciidoc
Expand Up @@ -84,6 +84,14 @@ Refer to the corresponding {es} logs for potential write errors.
| `unknown` | User is creating a saved object.
| `failure` | User is not authorized to create a saved object.

.2+| `connector_create`
| `unknown` | User is creating a connector.
| `failure` | User is not authorized to create a connector.

.2+| `alert_rule_create`
| `unknown` | User is creating an alert rule.
| `failure` | User is not authorized to create an alert rule.


3+a|
====== Type: change
Expand All @@ -108,6 +116,42 @@ Refer to the corresponding {es} logs for potential write errors.
| `unknown` | User is removing references to a saved object.
| `failure` | User is not authorized to remove references to a saved object.

.2+| `connector_update`
| `unknown` | User is updating a connector.
| `failure` | User is not authorized to update a connector.

.2+| `alert_rule_update`
| `unknown` | User is updating an alert rule.
| `failure` | User is not authorized to update an alert rule.

.2+| `alert_rule_update_api_key`
| `unknown` | User is updating the API key of an alert rule.
| `failure` | User is not authorized to update the API key of an alert rule.

.2+| `alert_rule_enable`
| `unknown` | User is enabling an alert rule.
| `failure` | User is not authorized to enable an alert rule.

.2+| `alert_rule_disable`
| `unknown` | User is disabling an alert rule.
| `failure` | User is not authorized to disable an alert rule.

.2+| `alert_rule_mute`
| `unknown` | User is muting an alert rule.
| `failure` | User is not authorized to mute an alert rule.

.2+| `alert_rule_unmute`
| `unknown` | User is unmuting an alert rule.
| `failure` | User is not authorized to unmute an alert rule.

.2+| `alert_instance_mute`
| `unknown` | User is muting an alert instance.
| `failure` | User is not authorized to mute an alert instance.

.2+| `alert_instance_unmute`
| `unknown` | User is unmuting an alert instance.
| `failure` | User is not authorized to unmute an alert instance.


3+a|
====== Type: deletion
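Review bot: The `alert_rule_update_api_key` rows say only that the user is updating the API key of an alert rule; the docs should state whether any key material can appear in the event and which field identifies the affected rule, since this is the event a reader will pivot on after a credential change. Near `alert_rule_disable`, `alert_rule_mute` and `alert_instance_mute` it would also help to say that these changes silence alerting, and to define how an alert instance differs from an alert rule, because the table uses both terms without explanation.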
Expand All @@ -120,6 +164,14 @@ Refer to the corresponding {es} logs for potential write errors.
| `unknown` | User is deleting a saved object.
| `failure` | User is not authorized to delete a saved object.

.2+| `connector_delete`
| `unknown` | User is deleting a connector.
| `failure` | User is not authorized to delete a connector.

.2+| `alert_rule_delete`
| `unknown` | User is deleting an alert rule.
| `failure` | User is not authorized to delete an alert rule.

3+a|
====== Type: access

Expand All @@ -135,6 +187,22 @@ Refer to the corresponding {es} logs for potential write errors.
| `success` | User has accessed a saved object as part of a search operation.
| `failure` | User is not authorized to search for saved objects.

.2+| `connector_get`
| `success` | User has accessed a connector.
| `failure` | User is not authorized to access a connector.

.2+| `connector_find`
| `success` | User has accessed a connector as part of a search operation.
| `failure` | User is not authorized to search for connectors.

.2+| `alert_rule_get`
| `success` | User has accessed an alert rule.
| `failure` | User is not authorized to access an alert rule.

.2+| `alert_rule_find`
| `success` | User has accessed an alert rule as part of a search operation.
| `failure` | User is not authorized to search for alert rules.


3+a|
===== Category: web
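Review bot: In the `connector_find` and `alert_rule_find` rows, the `success` text is singular ("has accessed a connector as part of a search operation") while the `failure` text describes the search as a whole, so it is unclear whether a search emits one event per returned object or one per request. Please say which, since it determines log volume and how a reader reconstructs what a user was able to list.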
1 change: 1 addition & 0 deletions src/core/server/index.ts
Expand Up @@ -311,6 +311,7 @@ export {
exportSavedObjectsToStream,
importSavedObjectsFromStream,
resolveSavedObjectsImportErrors,
generateSavedObjectId,

Contributor

pgayvallet Nov 24, 2020

We should reduce non-contract APIs exposed from core to a minimum (the import/export static functions are remains from legacy that will be moved to the SO service mid term). Any reason this generateSavedObjectId is exposed as a static function instead of being provided by the savedObjects service contract?

Contributor Author

It's a pure function that doesn't require any shared state so didn't make sense to me to add it to the SavedObjectsSerializer. Maybe we could add it as a static method to SavedObjectsServiceSetup if that addresses your concern?

Contributor

cc @rudolf wdyt? is exposing generateSavedObjectId statically from the index acceptable to you, or do you think this should be exposed from the SO service contract?

Contributor Author

Another option could be to put this into kbn-utils package.

Contributor

> Another option could be to put this into kbn-utils package.

I don't think we should. Separate by domain is one of our main principles, so it should belong to saved objects.
++ to add it as a setup/start contract property. id creation operation doesn't sound like serializer responsibility.
btw why other code in SO service still calls uuid to generate id?

```typescript
if (object.id == null) object.id = uuid.v1();
```

Contributor

> However in that case, I'd say that the best option may be to stick to using uuid.v1 from the consuming code until we do implement this new API. @rudolf @restrry wdyt?

👍

Member

> However in that case, I'd say that the best option may be to stick to using uuid.v1 from the consuming code until we do implement this new API. @rudolf @restrry wdyt?

I believe the logic for ID generation is changing in the very near future (👀 @jportner), so I feel like it'd be safer to keep the logic consolidated in the static helper. Asking consumers to use uuid.v1 is leaking an implementation detail of the SO service, which feels worse to me than exposing a static function from the service.

Contributor

> I believe the logic for ID generation is changing in the very near future (👀 @jportner)

Sharing Saved Objects will implement ID (re-)generation when existing objects are converted, but I have no plans to change "regular" ID generation.

Contributor

Let's keep it in SavedObjectsUtils then. It would be easier to track than grepping for uuid anyway when we'll need to move that to the service contract.

Contributor Author

All done. Please give it another parse.

} from './saved_objects';

export {
1 change: 1 addition & 0 deletions src/core/server/saved_objects/index.ts
Expand Up @@ -32,6 +32,7 @@ export {
SavedObjectsRawDoc,
SavedObjectSanitizedDoc,
SavedObjectUnsanitizedDoc,
generateSavedObjectId,
} from './serialization';

export { SavedObjectsMigrationLogger } from './migrations/core/migration_logger';
2 changes: 1 addition & 1 deletion src/core/server/saved_objects/serialization/index.ts
Expand Up @@ -28,4 +28,4 @@ export {
SavedObjectsRawDoc,
SavedObjectsRawDocSource,
} from './types';
export { SavedObjectsSerializer } from './serializer';
export { SavedObjectsSerializer, generateSavedObjectId } from './serializer';
11 changes: 10 additions & 1 deletion src/core/server/saved_objects/serialization/serializer.ts
Expand Up @@ -130,7 +130,7 @@ export class SavedObjectsSerializer {
public generateRawId(namespace: string | undefined, type: string, id?: string) {
const namespacePrefix =
namespace && this.registry.isSingleNamespace(type) ? `${namespace}:` : '';
return `${namespacePrefix}${type}:${id || uuid.v1()}`;
return `${namespacePrefix}${type}:${id || generateSavedObjectId()}`;
}

private trimIdPrefix(namespace: string | undefined, type: string, id: string) {
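Review bot: In `generateRawId`, `id || generateSavedObjectId()` falls back to a generated id for an empty string as well as for `undefined`, so a caller that passes `''` by mistake gets a raw id for a different object than the one it asked for instead of an error. This behaviour predates the change, but since the line is being touched, consider generating only when `id === undefined` and rejecting empty ids with the existing `assertNonEmptyString` helper.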
Expand All @@ -149,6 +149,15 @@ export class SavedObjectsSerializer {
}
}

/**
* Generates a random id for saved objects.
*
* @public
*/
export function generateSavedObjectId() {
return uuid.v1();
}

function assertNonEmptyString(value: string, name: string) {
if (!value || typeof value !== 'string') {
throw new TypeError(`Expected "${value}" to be a ${name}`);
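Review bot: The doc comment on `generateSavedObjectId` says "Generates a random id", but the body returns `uuid.v1()`, and version 1 UUIDs are derived from a timestamp, clock sequence and node identifier rather than being fully random. Reword it to "unique id" (the generated API docs and `server.api.md` inherit this text), or state that the ids are not unguessable and must not be relied on as a secret. An explicit `: string` return type on the exported function would also keep the public signature from depending on inference.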
3 changes: 3 additions & 0 deletions src/core/server/server.api.md
Expand Up @@ -738,6 +738,9 @@ export interface FakeRequest {
headers: Headers;
}

// @public
export function generateSavedObjectId(): string;

// @public
export type GetAuthHeaders = (request: KibanaRequest | LegacyRequest) => AuthHeaders | undefined;
