Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Security usage data #110548

Merged
merged 12 commits into from
Sep 1, 2021
Merged

Conversation

jportner
Copy link
Contributor

@jportner jportner commented Aug 30, 2021

Resolves #110532.

Adds these five fields:

stack_stats.kibana.plugins.core.config.elasticsearch.principal
stack_stats.kibana.plugins.security.auditLoggingType
stack_stats.kibana.plugins.security.sessionIdleTimeoutInMinutes
stack_stats.kibana.plugins.security.sessionExpirationInMinutes
stack_stats.kibana.plugins.security.sessionCleanupInMinutes

@jportner jportner added v8.0.0 release_note:skip Skip the PR/issue when compiling release notes v7.15.0 v7.16.0 labels Aug 30, 2021
Copy link
Contributor Author

@jportner jportner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Author's notes for reviewers

src/core/server/core_usage_data/core_usage_data_service.ts Outdated Show resolved Hide resolved
Comment on lines 14 to +15
auditLoggingEnabled: boolean;
auditLoggingType?: 'ecs' | 'legacy';
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since we already have auditLoggingEnabled and we can't change the existing mapping for that field, I added a second optional field for auditLoggingType. The vast majority of clusters do not have audit logging enabled.

@jportner jportner marked this pull request as ready for review August 30, 2021 23:01
@jportner jportner requested review from a team as code owners August 30, 2021 23:01
@jportner jportner requested a review from legrego August 31, 2021 16:49
@@ -391,11 +391,18 @@ export function createConfig(
function getSessionConfig(session: RawConfigType['session'], providers: ProvidersConfigType) {
return {
cleanupInterval: session.cleanupInterval,
getExpirationTimeouts({ type, name }: AuthenticationProvider) {
getExpirationTimeouts(provider?: AuthenticationProvider) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we're missing unit tests for this change in config.test.ts. The existing tests all assume that this parameter will be defined

Copy link
Contributor Author

@jportner jportner Aug 31, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah good point. I think I'll change it to provider: AuthenticationProvider | undefined too to prevent accidental misuse. We only need to use this for usage data collection.

Edit: done in a9959d1.

Copy link
Contributor

@TinaHeiligers TinaHeiligers left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Telemetry and core-related changes LGTM.

"principal": {
"type": "keyword",
"_meta": {
"description": "Indicates what elasticsearch user or service account is configured, if any."
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: It would help us a lot if we knew what was grouped under other without potentially exposing too much information in the payload. However, IIRC we strip the description out from the usage data before shipping it off to the telemetry cluster so it should be safe enough to add a little more in the description.

Copy link
Contributor Author

@jportner jportner Aug 31, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Okay, I'll change this description to:

Indicates how Kibana authenticates itself to Elasticsearch. If elasticsearch.username is configured, this can be any of: "elastic_user", "kibana_user", "kibana_system_user", or "other_user". Otherwise, if elasticsearch.serviceAccountToken is configured, this will be "kibana_service_account". Otherwise, this value will be "unknown", because some other principal might be used to authenticate Kibana to Elasticsearch (such as an x509 certificate), or authentication may be skipped altogether.

I think "unknown" is better than "other", plus it's less likely to be confused with "other_user".

Edit: done in 0317d33. Unfortunately I could not use a string template or string concatenation to break this up, as it caused the telemetry_check.js script to fail. So I had to write this description in one line 😅

@jportner jportner requested a review from legrego August 31, 2021 20:18
@kibanamachine
Copy link
Contributor

💚 Build Succeeded

Metrics [docs]

✅ unchanged

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@jportner jportner enabled auto-merge (squash) September 1, 2021 12:06
@jportner jportner added the auto-backport Deprecated - use backport:version if exact versions are needed label Sep 1, 2021
@jportner jportner merged commit b17d87e into elastic:master Sep 1, 2021
@kibanamachine
Copy link
Contributor

💔 Backport failed

Status Branch Result
7.15 Commit could not be cherrypicked due to conflicts
7.x Commit could not be cherrypicked due to conflicts

To backport manually run:
node scripts/backport --pr 110548

jportner added a commit to jportner/kibana that referenced this pull request Sep 1, 2021
# Conflicts:
#	x-pack/plugins/security/server/config.test.ts
#	x-pack/plugins/security/server/config.ts
jportner added a commit to jportner/kibana that referenced this pull request Sep 1, 2021
# Conflicts:
#	x-pack/plugins/security/server/config.test.ts
#	x-pack/plugins/security/server/config.ts
jportner added a commit that referenced this pull request Sep 1, 2021
* Security usage data (#110548)

# Conflicts:
#	x-pack/plugins/security/server/config.test.ts
#	x-pack/plugins/security/server/config.ts

* Fix unit test

Messed it up when fixing the merge conflict

* Fix merge error

* FIX TESTS AGAIN
jportner added a commit that referenced this pull request Sep 2, 2021
* Security usage data (#110548)

# Conflicts:
#	x-pack/plugins/security/server/config.test.ts
#	x-pack/plugins/security/server/config.ts

* Fix bad merge

* FIX TESTS AGAIN

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
@jportner jportner deleted the issue-110532-security-usage-data branch September 3, 2021 19:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
auto-backport Deprecated - use backport:version if exact versions are needed release_note:skip Skip the PR/issue when compiling release notes v7.15.0 v7.16.0 v8.0.0
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Security usage data
4 participants