[Entity Analytics] New API endpoint to cleanup the risk engine instal…

…lation and data (elastic#191843) ## Summary 1. Create a new public API endpoint : `DELETE /api/risk_score/engine/dangerously_delete_data` ## Test cases Result ``` PASS x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/delete.test.ts (7.017 s) risk engine cleanup route invokes the risk engine cleanup route ✓ should call the router with the correct route and handler (71 ms) ✓ returns a 200 when cleanup is successful (64 ms) ✓ returns a 500 when cleanup is unsuccessful (57 ms) ✓ returns a 500 when cleanup is unsuccessful with multiple errors (53 ms) when task manager is unavailable ✓ returns a 400 when task manager is unavailable (55 ms) when user does not have the required privileges ✓ returns a 403 when user does not have the required privileges (88 ms) ``` ### API Responses ## When multiple errors encountered ``` { "risk_engine_cleanup": false, "errors": [ { "seq": 1, "error": "resource_not_found_exception\n\tRoot causes:\n\t\tresource_not_found_exception: Transform with id [risk_score_latest_transform_default] could not be found" }, { "seq": 2, "error": "index_not_found_exception\n\tRoot causes:\n\t\tindex_not_found_exception: no such index [risk-score.risk-score-default]" }, { "seq": 3, "error": "index_template_missing_exception\n\tRoot causes:\n\t\tindex_template_missing_exception: index_template [.risk-score.risk-score-default-index-template] missing" }, { "seq": 4, "error": "resource_not_found_exception\n\tRoot causes:\n\t\tresource_not_found_exception: .risk-score-mappings" } ], "status_code": 500 } ``` ## Success ``` { "risk_engine_cleanup": true } ``` ### Checklist Delete any items that are not applicable to this PR. - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [x] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios ### OpenAPI spec ![image](https://github.com/user-attachments/assets/56d69602-061d-4a01-9d2b-01a8398ffc76) ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
kibanamachine · Sep 25, 2024 · 22f451b · 22f451b
1 parent 8d7dad2
commit 22f451b
Show file tree

Hide file tree

Showing 19 changed files with 823 additions and 6 deletions.
diff --git a/oas_docs/output/kibana.serverless.staging.yaml b/oas_docs/output/kibana.serverless.staging.yaml
@@ -15392,6 +15392,39 @@ paths:
       tags:
         - Security Timeline API
         - access:securitySolution
+  /api/risk_score/engine/dangerously_delete_data:
+    delete:
+      description: >-
+        Cleaning up the the Risk Engine by removing the indices, mapping and
+        transforms
+      operationId: CleanUpRiskEngine
+      responses:
+        '200':
+          content:
+            application/json; Elastic-Api-Version=2023-10-31:
+              schema:
+                type: object
+                properties:
+                  cleanup_successful:
+                    type: boolean
+          description: Successful response
+        '400':
+          content:
+            application/json; Elastic-Api-Version=2023-10-31:
+              schema:
+                $ref: >-
+                  #/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse
+          description: Task manager is unavailable
+        default:
+          content:
+            application/json; Elastic-Api-Version=2023-10-31:
+              schema:
+                $ref: >-
+                  #/components/schemas/Security_Entity_Analytics_API_CleanUpRiskEngineErrorResponse
+          description: Unexpected error
+      summary: Cleanup the Risk Engine
+      tags:
+        - Security Entity Analytics API
   /api/risk_score/engine/schedule_now:
     post:
       description: >-
@@ -29750,6 +29783,27 @@ components:
       required:
         - id_value
         - id_field
+    Security_Entity_Analytics_API_CleanUpRiskEngineErrorResponse:
+      type: object
+      properties:
+        cleanup_successful:
+          example: false
+          type: boolean
+        errors:
+          items:
+            type: object
+            properties:
+              error:
+                type: string
+              seq:
+                type: integer
+            required:
+              - seq
+              - error
+          type: array
+      required:
+        - cleanup_successful
+        - errors
     Security_Entity_Analytics_API_CreateAssetCriticalityRecord:
       allOf:
         - $ref: >-

diff --git a/oas_docs/output/kibana.staging.yaml b/oas_docs/output/kibana.staging.yaml
@@ -18822,6 +18822,39 @@ paths:
       tags:
         - Security Timeline API
         - access:securitySolution
+  /api/risk_score/engine/dangerously_delete_data:
+    delete:
+      description: >-
+        Cleaning up the the Risk Engine by removing the indices, mapping and
+        transforms
+      operationId: CleanUpRiskEngine
+      responses:
+        '200':
+          content:
+            application/json; Elastic-Api-Version=2023-10-31:
+              schema:
+                type: object
+                properties:
+                  cleanup_successful:
+                    type: boolean
+          description: Successful response
+        '400':
+          content:
+            application/json; Elastic-Api-Version=2023-10-31:
+              schema:
+                $ref: >-
+                  #/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse
+          description: Task manager is unavailable
+        default:
+          content:
+            application/json; Elastic-Api-Version=2023-10-31:
+              schema:
+                $ref: >-
+                  #/components/schemas/Security_Entity_Analytics_API_CleanUpRiskEngineErrorResponse
+          description: Unexpected error
+      summary: Cleanup the Risk Engine
+      tags:
+        - Security Entity Analytics API
   /api/risk_score/engine/schedule_now:
     post:
       description: >-
@@ -37759,6 +37792,27 @@ components:
       required:
         - id_value
         - id_field
+    Security_Entity_Analytics_API_CleanUpRiskEngineErrorResponse:
+      type: object
+      properties:
+        cleanup_successful:
+          example: false
+          type: boolean
+        errors:
+          items:
+            type: object
+            properties:
+              error:
+                type: string
+              seq:
+                type: integer
+            required:
+              - seq
+              - error
+          type: array
+      required:
+        - cleanup_successful
+        - errors
     Security_Entity_Analytics_API_CreateAssetCriticalityRecord:
       allOf:
         - $ref: >-

diff --git a/...ins/security_solution/common/api/entity_analytics/risk_engine/engine_cleanup_route.gen.ts b/...ins/security_solution/common/api/entity_analytics/risk_engine/engine_cleanup_route.gen.ts
@@ -0,0 +1,33 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+/*
+ * NOTICE: Do not edit this file manually.
+ * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator.
+ *
+ * info:
+ *   title: Risk Scoring API
+ *   version: 1
+ */
+
+import { z } from '@kbn/zod';
+
+export type CleanUpRiskEngineErrorResponse = z.infer<typeof CleanUpRiskEngineErrorResponse>;
+export const CleanUpRiskEngineErrorResponse = z.object({
+  cleanup_successful: z.boolean(),
+  errors: z.array(
+    z.object({
+      seq: z.number().int(),
+      error: z.string(),
+    })
+  ),
+});
+
+export type CleanUpRiskEngineResponse = z.infer<typeof CleanUpRiskEngineResponse>;
+export const CleanUpRiskEngineResponse = z.object({
+  cleanup_successful: z.boolean().optional(),
+});
diff --git a/...ecurity_solution/common/api/entity_analytics/risk_engine/engine_cleanup_route.schema.yaml b/...ecurity_solution/common/api/entity_analytics/risk_engine/engine_cleanup_route.schema.yaml
@@ -0,0 +1,60 @@
+openapi: 3.0.0
+info:
+  version: '1'
+  title: Risk Scoring API
+  description: These APIs allow the consumer to manage Entity Risk Scores within Entity Analytics.
+paths:
+  /api/risk_score/engine/dangerously_delete_data:
+    delete:
+      x-labels: [ess, serverless]
+      x-codegen-enabled: true
+      operationId: CleanUpRiskEngine
+      summary: Cleanup the Risk Engine
+      description: Cleaning up the the Risk Engine by removing the indices, mapping and transforms
+      responses:
+        '200':
+          description: Successful response
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  cleanup_successful:
+                    type: boolean
+        '400':
+          description: Task manager is unavailable
+          content:
+            application/json:
+              schema:
+                $ref: '../common/common.schema.yaml#/components/schemas/TaskManagerUnavailableResponse'
+        default:
+          description: Unexpected error
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/CleanUpRiskEngineErrorResponse'
+
+components:
+  schemas:
+    CleanUpRiskEngineErrorResponse:
+      type: object
+      required:
+        - cleanup_successful
+        - errors
+      properties:
+        cleanup_successful:
+          type: boolean
+          example: false
+        errors:
+          type: array
+          items:
+            type: object
+            required:
+              - seq
+              - error
+            properties:
+              seq:
+                type: integer
+              error:
+                type: string
+
diff --git a/x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/index.ts b/x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/index.ts
@@ -15,3 +15,4 @@ export * from './calculation_route.gen';
 export * from './preview_route.gen';
 export * from './entity_calculation_route.gen';
 export * from './get_risk_engine_privileges.gen';
+export * from './engine_cleanup_route.gen';
diff --git a/x-pack/plugins/security_solution/common/api/quickstart_client.gen.ts b/x-pack/plugins/security_solution/common/api/quickstart_client.gen.ts
@@ -274,6 +274,7 @@ import type {
   ListEntitiesRequestQueryInput,
   ListEntitiesResponse,
 } from './entity_analytics/entity_store/entities/list_entities.gen';
+import type { CleanUpRiskEngineResponse } from './entity_analytics/risk_engine/engine_cleanup_route.gen';
 import type { DisableRiskEngineResponse } from './entity_analytics/risk_engine/engine_disable_route.gen';
 import type { EnableRiskEngineResponse } from './entity_analytics/risk_engine/engine_enable_route.gen';
 import type { InitRiskEngineResponse } from './entity_analytics/risk_engine/engine_init_route.gen';
@@ -540,6 +541,21 @@ If asset criticality records already exist for the specified entities, those rec
       })
       .catch(catchAxiosErrorFormatAndThrow);
   }
+  /**
+   * Cleaning up the the Risk Engine by removing the indices, mapping and transforms
+   */
+  async cleanUpRiskEngine() {
+    this.log.info(`${new Date().toISOString()} Calling API CleanUpRiskEngine`);
+    return this.kbnClient
+      .request<CleanUpRiskEngineResponse>({
+        path: '/api/risk_score/engine/dangerously_delete_data',
+        headers: {
+          [ELASTIC_HTTP_VERSION_HEADER]: '1',
+        },
+        method: 'DELETE',
+      })
+      .catch(catchAxiosErrorFormatAndThrow);
+  }
   async createAlertsIndex() {
     this.log.info(`${new Date().toISOString()} Calling API CreateAlertsIndex`);
     return this.kbnClient

diff --git a/x-pack/plugins/security_solution/common/entity_analytics/risk_engine/constants.ts b/x-pack/plugins/security_solution/common/entity_analytics/risk_engine/constants.ts
@@ -16,6 +16,7 @@ export const RISK_ENGINE_SETTINGS_URL = `${RISK_ENGINE_URL}/settings` as const;
 // Public Risk Score routes
 export const PUBLIC_RISK_ENGINE_URL = `${PUBLIC_RISK_SCORE_URL}/engine` as const;
 export const RISK_ENGINE_SCHEDULE_NOW_URL = `${RISK_ENGINE_URL}/schedule_now` as const;
+export const RISK_ENGINE_CLEANUP_URL = `${PUBLIC_RISK_ENGINE_URL}/dangerously_delete_data` as const;
 
 type ClusterPrivilege = 'manage_index_templates' | 'manage_transform';
 export const RISK_ENGINE_REQUIRED_ES_CLUSTER_PRIVILEGES = [

diff --git a/...ty_solution/docs/openapi/ess/security_solution_entity_analytics_api_1.bundled.schema.yaml b/...ty_solution/docs/openapi/ess/security_solution_entity_analytics_api_1.bundled.schema.yaml
@@ -0,0 +1,88 @@
+openapi: 3.0.3
+info:
+  description: ''
+  title: Security Entity Analytics API (Elastic Cloud and self-hosted)
+  version: '1'
+servers:
+  - url: http://{kibana_host}:{port}
+    variables:
+      kibana_host:
+        default: localhost
+      port:
+        default: '5601'
+paths:
+  /api/risk_score/engine/dangerously_delete_data:
+    delete:
+      description: >-
+        Cleaning up the the Risk Engine by removing the indices, mapping and
+        transforms
+      operationId: CleanUpRiskEngine
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  cleanup_successful:
+                    type: boolean
+          description: Successful response
+        '400':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/TaskManagerUnavailableResponse'
+          description: Task manager is unavailable
+        default:
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/CleanUpRiskEngineErrorResponse'
+          description: Unexpected error
+      summary: Cleanup the Risk Engine
+      tags:
+        - Security Entity Analytics API
+components:
+  schemas:
+    CleanUpRiskEngineErrorResponse:
+      type: object
+      properties:
+        cleanup_successful:
+          example: false
+          type: boolean
+        errors:
+          items:
+            type: object
+            properties:
+              error:
+                type: string
+              seq:
+                type: integer
+            required:
+              - seq
+              - error
+          type: array
+      required:
+        - cleanup_successful
+        - errors
+    TaskManagerUnavailableResponse:
+      description: Task manager is unavailable
+      type: object
+      properties:
+        message:
+          type: string
+        status_code:
+          minimum: 400
+          type: integer
+      required:
+        - status_code
+        - message
+  securitySchemes:
+    BasicAuth:
+      scheme: basic
+      type: http
+security:
+  - BasicAuth: []
+tags:
+  - description: ''
+    name: Security Entity Analytics API