[Alerting] Updating audit event terminology #102263

Merged
merged 5 commits into from
Jun 21, 2021

Conversation

@ymao1 ymao1 commented Jun 15, 2021

Resolves #101476

Summary

This PR updates the terminology for audit events logged by the alerting framework alerts client when CRUD operations are performed on rules.

The following audit actions have been renamed:

  • alert_create has been renamed to rule_create
  • alert_get has been renamed to rule_get
  • alert_update has been renamed to rule_update
  • alert_update_api_key has been renamed to rule_update_api_key
  • alert_enable has been renamed to rule_enable
  • alert_disable has been renamed to rule_disable
  • alert_delete has been renamed to rule_delete
  • alert_find has been renamed to rule_find
  • alert_mute has been renamed to rule_mute
  • alert_unmute has been renamed to rule_unmute
  • alert_instance_mute has been renamed to rule_alert_mute
  • alert_instance_unmute has been renamed to rule_alert_unmute

In addition, the terminology inside the audit messages has been updated to reference rules instead of alerts. For example:

  • `User is creating alert [id=${ruleId}]` will now read `User is creating rule [id=${ruleId}]`

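A consequence worth spelling out for anyone consuming these logs: detection content keyed on the old `alert_*` action names stops matching the moment a Kibana instance upgrades, and a fleet mid-rollout emits both spellings at once. The following Python is an added example, not Kibana code and not part of this PR: it carries the rename table from the list above, rewrites legacy `event.action` values on ECS-style Kibana audit records, and flags the rule-silencing operations a SOC would typically watch. The log lines are constructed to follow the shape of Kibana's audit log (`event.action`, `event.outcome`, `kibana.saved_object`, `user.name`); ids, users and timestamps are invented, and the set of "suspicious" actions is this example's choice, not something the PR defines.

```python
"""Normalize Kibana alerting audit events across the alert_* -> rule_* rename.
Added example for this PR, not Kibana code. Field names (event.action,
event.outcome, kibana.saved_object, user.name) follow Kibana's ECS-style audit
log; the sample records, ids and user names below are constructed."""
import copy
import json
from typing import Iterable, Iterator, List, Tuple

# Rename table from the PR description. The last two entries show why a plain
# str.replace("alert_", "rule_") is not enough.
LEGACY_TO_CURRENT = {
    "alert_create": "rule_create",
    "alert_get": "rule_get",
    "alert_update": "rule_update",
    "alert_update_api_key": "rule_update_api_key",
    "alert_enable": "rule_enable",
    "alert_disable": "rule_disable",
    "alert_delete": "rule_delete",
    "alert_find": "rule_find",
    "alert_mute": "rule_mute",
    "alert_unmute": "rule_unmute",
    "alert_instance_mute": "rule_alert_mute",
    "alert_instance_unmute": "rule_alert_unmute",
}

# Operations that silence or remove a detection rule; this set is the
# example's choice, not something the PR defines.
SUSPICIOUS_ACTIONS = {"rule_disable", "rule_delete", "rule_mute", "rule_alert_mute"}

# Constructed sample: 7.13-era records, 7.14-era records, a failed attempt and
# a corrupt line, as a fleet produces mid-upgrade.
SAMPLE_LOG = [
    '{"@timestamp":"2021-06-15T14:02:11Z","message":"User is disabling alert [id=a1b2]",'
    '"event":{"action":"alert_disable","category":["database"],"type":["change"],"outcome":"unknown"},'
    '"kibana":{"saved_object":{"type":"alert","id":"a1b2"}},"user":{"name":"ops-oncall"}}',
    '{"@timestamp":"2021-06-22T09:15:40Z","message":"User is deleting rule [id=c3d4]",'
    '"event":{"action":"rule_delete","category":["database"],"type":["deletion"],"outcome":"unknown"},'
    '"kibana":{"saved_object":{"type":"alert","id":"c3d4"}},"user":{"name":"contractor"}}',
    '{"@timestamp":"2021-06-15T14:03:02Z","message":"User is muting alert instance [id=e5f6]",'
    '"event":{"action":"alert_instance_mute","category":["database"],"type":["change"],"outcome":"unknown"},'
    '"kibana":{"saved_object":{"type":"alert","id":"e5f6"}},"user":{"name":"ops-oncall"}}',
    '{"@timestamp":"2021-06-22T09:16:00Z","message":"User has accessed rule [id=c3d4]",'
    '"event":{"action":"rule_get","category":["database"],"type":["access"],"outcome":"success"},'
    '"kibana":{"saved_object":{"type":"alert","id":"c3d4"}},"user":{"name":"analyst"}}',
    '{"@timestamp":"2021-06-15T14:05:30Z","message":"Failed attempt to delete alert [id=a1b2]",'
    '"event":{"action":"alert_delete","category":["database"],"type":["deletion"],"outcome":"failure"},'
    '"kibana":{"saved_object":{"type":"alert","id":"a1b2"}},"user":{"name":"intern"}}',
    '{"@timestamp":"2021-06-22T09:17:00Z","message":"truncated',
]


def normalize_action(action: str) -> str:
    """Map a legacy action to its post-rename name; unknown names pass through."""
    return LEGACY_TO_CURRENT.get(action, action)


def normalize_event(record: dict) -> dict:
    """Copy with event.action in current terms; the legacy name is kept under
    labels.legacy_action. kibana.saved_object.type is untouched: the PR renamed
    actions and messages only, the saved object is still called "alert"."""
    action = record.get("event", {}).get("action")
    if action not in LEGACY_TO_CURRENT:
        return record
    out = copy.deepcopy(record)
    out["event"]["action"] = LEGACY_TO_CURRENT[action]
    out.setdefault("labels", {})["legacy_action"] = action
    return out


def parse_audit_log(lines: Iterable[str]) -> Iterator[dict]:
    """Yield normalized records, skipping blank and unparseable lines."""
    for line in lines:
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # a production pipeline would count and alert on these
        if isinstance(record, dict):
            yield normalize_event(record)


def suspicious_rule_changes(lines: Iterable[str]) -> List[Tuple[str, str, str]]:
    """(user, action, rule id) for attempted ("unknown") or completed ("success")
    silencing operations. Matching runs after normalization, so 7.13 and 7.14
    records both hit; failed attempts are left for a separate rule."""
    hits = []
    for rec in parse_audit_log(lines):
        event = rec.get("event", {})
        if event.get("action") not in SUSPICIOUS_ACTIONS or event.get("outcome") == "failure":
            continue
        user = rec.get("user", {}).get("name", "<unknown>")
        rule_id = rec.get("kibana", {}).get("saved_object", {}).get("id", "<unknown>")
        hits.append((user, event["action"], rule_id))
    return hits
```

Two practical points follow from the table. First, the `alert_instance_*` entries make a blanket prefix substitution wrong, so the mapping has to be an explicit table, whether it lives in a script like this, in an ingest pipeline, or as an extra value list in the detection query. Second, because the `message` text changed as well, any detection matching on wildcards such as `*creating alert*` breaks in the same way and should be keyed on `event.action` instead.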

@ymao1 ymao1 changed the title Updating audit terminology [Alerting] Updating audit event terminology Jun 16, 2021
ymao1 commented Jun 16, 2021

@legrego This PR updates the terminology of audit events coming from the alerting framework as related to rules CRUD, based on this conversation in the alerts-as-data RBAC PR.

Just verifying again that this change is ok since audit events for the alert saved object will now diverge from having the alert_ prefix and instead have a rule_ prefix. Also, this should be tagged as a breaking change, correct?

legrego commented Jun 16, 2021

> @legrego This PR updates the terminology of audit events coming from the alerting framework as related to rules CRUD, based on this conversation in the alerts-as-data RBAC PR.

Awesome, thanks!

> Just verifying again that this change is ok since audit events for the alert saved object will now diverge from having the alert_ prefix and instead have a rule_ prefix. Also, this should be tagged as a breaking change, correct?

Yes, I'm ok with this divergence - I think this change is actually more consistent from an end-user's perspective, as they think of these as "rules" rather than "alerts". Yes, let's mark this as a breaking change so that auditors know that we've changed the event types

@ymao1 ymao1 self-assigned this Jun 16, 2021
@ymao1 ymao1 added Feature:Alerting release_note:breaking Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) v7.14.0 v8.0.0 labels Jun 16, 2021
@ymao1 ymao1 marked this pull request as ready for review June 16, 2021 12:18
@ymao1 ymao1 requested a review from a team as a code owner June 16, 2021 12:18
@elasticmachine

Pinging @elastic/kibana-alerting-services (Team:Alerting Services)

@chrisronline chrisronline self-requested a review June 16, 2021 17:12
@chrisronline chrisronline left a comment

ymao1 commented Jun 17, 2021

> Nice work here!
>
> What about this file? https://github.com/elastic/kibana/blob/master/docs/user/security/audit-logging.asciidoc

@chrisronline Thanks for pointing this out! Updated the docs.

@ymao1 ymao1 requested a review from chrisronline June 17, 2021 11:51
@chrisronline chrisronline left a comment

LGTM!

ymao1 commented Jun 21, 2021

@elasticmachine merge upstream

@kibanamachine

💚 Build Succeeded

Metrics [docs]

✅ unchanged


@pmuellr pmuellr left a comment

LGTM!

@ymao1 ymao1 added the auto-backport Deprecated - use backport:version if exact versions are needed label Jun 21, 2021
@ymao1 ymao1 merged commit 6c699a5 into elastic:master Jun 21, 2021
kibanamachine added a commit to kibanamachine/kibana that referenced this pull request Jun 21, 2021
* Updating audit terminology

* Fixing unit tests

* Updating audit docs

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
@kibanamachine

💚 Backport successful

Status Branch Result
7.x

This backport PR will be merged automatically after passing CI.

kibanamachine added a commit that referenced this pull request Jun 21, 2021
* Updating audit terminology

* Fixing unit tests

* Updating audit docs

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>

Co-authored-by: ymao1 <ying.mao@elastic.co>
Successfully merging this pull request may close these issues.

[Alerting] Update alerts client audit events to new terminology
6 participants