Removing auditing during export

x-pack/plugins/actions/server/lib/audit_events.ts

@@ -15,7 +15,6 @@ export enum ConnectorAuditAction {
   DELETE = 'connector_delete',
   FIND = 'connector_find',
   EXECUTE = 'connector_execute',
-  EXPORT = 'connector_export',
 }
 
 type VerbsTuple = [string, string, string];
@@ -27,7 +26,6 @@ const eventVerbs: Record<ConnectorAuditAction, VerbsTuple> = {
   connector_delete: ['delete', 'deleting', 'deleted'],
   connector_find: ['access', 'accessing', 'accessed'],
   connector_execute: ['execute', 'executing', 'executed'],
-  connector_export: ['export', 'exporting', 'exported'],
 };
 
 const eventTypes: Record<ConnectorAuditAction, EcsEventType | undefined> = {
@@ -37,7 +35,6 @@ const eventTypes: Record<ConnectorAuditAction, EcsEventType | undefined> = {
   connector_delete: 'deletion',
   connector_find: 'access',
   connector_execute: undefined,
-  connector_export: 'access',
 };
 
 export interface ConnectorAuditEventParams {

x-pack/plugins/actions/server/plugin.ts

@@ -181,7 +181,7 @@ export class ActionsPlugin implements Plugin<PluginSetupContract, PluginStartCon
     }
 
     plugins.features.registerKibanaFeature(ACTIONS_FEATURE);
-    setupSavedObjects(core.savedObjects, plugins.encryptedSavedObjects, plugins.security);
+    setupSavedObjects(core.savedObjects, plugins.encryptedSavedObjects);
 
     this.eventLogService = plugins.eventLog;
     plugins.eventLog.registerProviderActions(EVENT_LOG_PROVIDER, Object.values(EVENT_LOG_ACTIONS));

x-pack/plugins/actions/server/saved_objects/index.ts

@@ -11,7 +11,6 @@ import {
   SavedObjectsServiceSetup,
 } from 'kibana/server';
 import { EncryptedSavedObjectsPluginSetup } from '../../../encrypted_saved_objects/server';
-import { SecurityPluginSetup } from '../../../security/server';
 import mappings from './mappings.json';
 import { getMigrations } from './migrations';
 import { RawAction } from '../types';
@@ -24,8 +23,7 @@ export const ACTION_TASK_PARAMS_SAVED_OBJECT_TYPE = 'action_task_params';
 
 export function setupSavedObjects(
   savedObjects: SavedObjectsServiceSetup,
-  encryptedSavedObjects: EncryptedSavedObjectsPluginSetup,
-  security?: SecurityPluginSetup
+  encryptedSavedObjects: EncryptedSavedObjectsPluginSetup
 ) {
   savedObjects.registerType({
     name: ACTION_SAVED_OBJECT_TYPE,
@@ -43,8 +41,7 @@ export function setupSavedObjects(
         context: SavedObjectsExportTransformContext,
         objects: Array<SavedObject<RawAction>>
       ) {
-        const auditLogger = security?.audit.asScoped(context.request);
-        return transformConnectorsForExport(objects, auditLogger);
+        return transformConnectorsForExport(objects);
       },
       onImport(connectors) {
         return {

x-pack/plugins/actions/server/saved_objects/transform_connectors_for_export.test.ts

@@ -6,8 +6,6 @@
  */
 
 import { transformConnectorsForExport } from './transform_connectors_for_export';
-import { auditServiceMock } from '../../../security/server/audit/index.mock';
-import { httpServerMock } from '../../../../../src/core/server/mocks';
 
 describe('transform connector for export', () => {
   const connectorsWithNoSecrets = [
@@ -226,42 +224,4 @@ describe('transform connector for export', () => {
       }))
     );
   });
-
-  it('should call audit logger if available', () => {
-    const auditLogger = auditServiceMock.create().asScoped(httpServerMock.createKibanaRequest());
-    transformConnectorsForExport(
-      [
-        {
-          id: '1',
-          type: 'action',
-          attributes: {
-            actionTypeId: '.email',
-            name: 'email connector without auth',
-            isMissingSecrets: false,
-            config: {
-              hasAuth: false,
-              from: 'me@me.com',
-              host: 'hi',
-              port: 22,
-              service: null,
-              secure: null,
-            },
-            secrets: 'asbqw4tqbef',
-          },
-          references: [],
-        },
-      ],
-      auditLogger
-    );
-    expect(auditLogger.log).toHaveBeenCalledTimes(1);
-    expect(auditLogger.log).toHaveBeenCalledWith(
-      expect.objectContaining({
-        event: expect.objectContaining({
-          action: 'connector_export',
-          outcome: 'success',
-        }),
-        kibana: { saved_object: { id: '1', type: 'action' } },
-      })
-    );
-  });
 });

x-pack/plugins/actions/server/saved_objects/transform_connectors_for_export.ts

@@ -6,37 +6,24 @@
  */
 
 import { SavedObject } from 'kibana/server';
-import { AuditLogger } from '../../../security/server';
 import { RawAction } from '../types';
-import { connectorAuditEvent, ConnectorAuditAction } from '../lib/audit_events';
 
 const CONNECTORS_WITHOUT_SECRETS = ['.index', '.server-log'];
 const CONNECTORS_CHECK_AUTH = ['.email', '.webhook'];
 
 export function transformConnectorsForExport(
-  connectors: SavedObject[],
-  auditLogger?: AuditLogger
+  connectors: SavedObject[]
 ): Array<SavedObject<RawAction>> {
   return connectors.map((connector) =>
-    transformConnectorForExport(connector as SavedObject<RawAction>, auditLogger)
+    transformConnectorForExport(connector as SavedObject<RawAction>)
   );
 }
 
 function connectorHasNoAuth(connector: SavedObject<RawAction>) {
   return connector?.attributes?.config?.hasAuth === false;
 }
 
-function transformConnectorForExport(
-  connector: SavedObject<RawAction>,
-  auditLogger?: AuditLogger
-): SavedObject<RawAction> {
-  auditLogger?.log(
-    connectorAuditEvent({
-      action: ConnectorAuditAction.EXPORT,
-      savedObject: { type: 'action', id: connector.id },
-    })
-  );
-
+function transformConnectorForExport(connector: SavedObject<RawAction>): SavedObject<RawAction> {
   // Skip connectors with no secrets
   if (CONNECTORS_WITHOUT_SECRETS.includes(connector.attributes.actionTypeId)) {
     return connector;

x-pack/plugins/alerting/server/alerts_client/audit_events.ts

@@ -21,7 +21,6 @@ export enum AlertAuditAction {
   UNMUTE = 'alert_unmute',
   MUTE_INSTANCE = 'alert_instance_mute',
   UNMUTE_INSTANCE = 'alert_instance_unmute',
-  EXPORT = 'alert_export',
 }
 
 type VerbsTuple = [string, string, string];
@@ -39,7 +38,6 @@ const eventVerbs: Record<AlertAuditAction, VerbsTuple> = {
   alert_unmute: ['unmute', 'unmuting', 'unmuted'],
   alert_instance_mute: ['mute instance of', 'muting instance of', 'muted instance of'],
   alert_instance_unmute: ['unmute instance of', 'unmuting instance of', 'unmuted instance of'],
-  alert_export: ['export', 'exporting', 'exported'],
 };
 
 const eventTypes: Record<AlertAuditAction, EcsEventType> = {
@@ -55,7 +53,6 @@ const eventTypes: Record<AlertAuditAction, EcsEventType> = {
   alert_unmute: 'change',
   alert_instance_mute: 'change',
   alert_instance_unmute: 'change',
-  alert_export: 'access',
 };
 
 export interface AlertAuditEventParams {

x-pack/plugins/alerting/server/plugin.ts

@@ -184,7 +184,7 @@ export class AlertingPlugin {
       event: { provider: EVENT_LOG_PROVIDER },
     });
 
-    setupSavedObjects(core.savedObjects, plugins.encryptedSavedObjects, this.security);
+    setupSavedObjects(core.savedObjects, plugins.encryptedSavedObjects);
 
     this.eventLogService = plugins.eventLog;
     plugins.eventLog.registerProviderActions(EVENT_LOG_PROVIDER, Object.values(EVENT_LOG_ACTIONS));

x-pack/plugins/alerting/server/saved_objects/index.ts

@@ -10,7 +10,6 @@ import {
   SavedObjectsExportTransformContext,
   SavedObjectsServiceSetup,
 } from 'kibana/server';
-import { SecurityPluginSetup } from '../../../security/server';
 import mappings from './mappings.json';
 import { getMigrations } from './migrations';
 import { EncryptedSavedObjectsPluginSetup } from '../../../encrypted_saved_objects/server';
@@ -40,8 +39,7 @@ export type AlertAttributesExcludedFromAADType =
 
 export function setupSavedObjects(
   savedObjects: SavedObjectsServiceSetup,
-  encryptedSavedObjects: EncryptedSavedObjectsPluginSetup,
-  security?: SecurityPluginSetup
+  encryptedSavedObjects: EncryptedSavedObjectsPluginSetup
 ) {
   savedObjects.registerType({
     name: 'alert',
@@ -58,8 +56,7 @@ export function setupSavedObjects(
         context: SavedObjectsExportTransformContext,
         objects: Array<SavedObject<RawAlert>>
       ) {
-        const auditLogger = security?.audit.asScoped(context.request);
-        return transformRulesForExport(objects, auditLogger);
+        return transformRulesForExport(objects);
       },
     },
   });

x-pack/plugins/alerting/server/saved_objects/transform_rule_for_export.test.ts

@@ -6,8 +6,6 @@
  */
 
 import { transformRulesForExport } from './transform_rule_for_export';
-import { auditServiceMock } from '../../../security/server/audit/index.mock';
-import { httpServerMock } from '../../../../../src/core/server/mocks';
 
 describe('transform rule for export', () => {
   const date = new Date().toISOString();
@@ -90,28 +88,4 @@ describe('transform rule for export', () => {
       }))
     );
   });
-
-  it('should call audit logger if available', () => {
-    const auditLogger = auditServiceMock.create().asScoped(httpServerMock.createKibanaRequest());
-    transformRulesForExport(mockRules, auditLogger);
-    expect(auditLogger.log).toHaveBeenCalledTimes(mockRules.length);
-    expect(auditLogger.log).toHaveBeenCalledWith(
-      expect.objectContaining({
-        event: expect.objectContaining({
-          action: 'alert_export',
-          outcome: 'success',
-        }),
-        kibana: { saved_object: { id: '1', type: 'alert' } },
-      })
-    );
-    expect(auditLogger.log).toHaveBeenCalledWith(
-      expect.objectContaining({
-        event: expect.objectContaining({
-          action: 'alert_export',
-          outcome: 'success',
-        }),
-        kibana: { saved_object: { id: '2', type: 'alert' } },
-      })
-    );
-  });
 });

x-pack/plugins/alerting/server/saved_objects/transform_rule_for_export.ts

@@ -6,27 +6,13 @@
  */
 
 import { SavedObject } from 'kibana/server';
-import { AuditLogger } from '../../../security/server';
-import { AlertAuditAction, alertAuditEvent } from '../alerts_client/audit_events';
 import { RawAlert } from '../types';
 
-export function transformRulesForExport(
-  rules: SavedObject[],
-  auditLogger?: AuditLogger
-): Array<SavedObject<RawAlert>> {
-  return rules.map((rule) => transformRuleForExport(rule as SavedObject<RawAlert>, auditLogger));
+export function transformRulesForExport(rules: SavedObject[]): Array<SavedObject<RawAlert>> {
+  return rules.map((rule) => transformRuleForExport(rule as SavedObject<RawAlert>));
 }
 
-function transformRuleForExport(
-  rule: SavedObject<RawAlert>,
-  auditLogger?: AuditLogger
-): SavedObject<RawAlert> {
-  auditLogger?.log(
-    alertAuditEvent({
-      action: AlertAuditAction.EXPORT,
-      savedObject: { type: 'alert', id: rule.id },
-    })
-  );
+function transformRuleForExport(rule: SavedObject<RawAlert>): SavedObject<RawAlert> {
   return {
     ...rule,
     attributes: {