Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[7.x] [Security Solutions] Adds security detection rule actions as importable and exportable (#115243) #115579

Merged
merged 1 commit into from
Oct 19, 2021
Merged

[7.x] [Security Solutions] Adds security detection rule actions as importable and exportable (#115243) #115579

merged 1 commit into from
Oct 19, 2021

Conversation

kibanamachine
Copy link
Contributor

Backports the following commits to 7.x:

@FrankHassanabad @kibanamachine
[Security Solutions] Adds security detection rule actions as importab…
bd9ae18 
…le and exportable (elastic#115243)

## Summary

Adds the security detection rule actions as being exportable and importable.
* Adds exportable actions for legacy notification system
* Adds exportable actions for the new throttle notification system
* Adds importable but only imports into the new throttle notification system.
* Updates unit tests

In your `ndjson` file when you have actions exported you will see them like so:

```json
"actions": [
    {
      "group": "default",
      "id": "b55117e0-2df9-11ec-b789-7f03e3cdd668",
      "params": {
        "message": "Rule {{context.rule.name}} generated {{state.signals_count}} alerts"
      },
      "action_type_id": ".slack"
    }
  ]
```

where before it was `actions: []` and was not provided.

**Caveats**

If you delete your connector and have an invalid connector then the rule(s) that were referring to that invalid connector will not import and you will get an error like this:

<img width="802" alt="Screen Shot 2021-10-15 at 2 47 10 PM" src="https://user-images.githubusercontent.com/1151048/137554991-b3984be9-d2ad-488e-a309-29da656ca4ea.png">

This does _not_ export your connectors at this point in time. You have to export your connector through the Saved Object Management separate like so:
<img width="1545" alt="Screen Shot 2021-10-15 at 2 58 03 PM" src="https://user-images.githubusercontent.com/1151048/137555135-3f0bfd63-5d67-496b-8d5b-bdef01d6122f.png">

However, if remove everything and import your connector without changing its saved object ID and then go to import the rules everything should import ok and you will get your actions working.

**Manual Testing**:

* You can create normal actions on an alert and then do exports and you should see the actions in your ndjson file 
* You can create legacy notifications from 7.14.0 and then upgrade and export and you should see the actions in your ndjson file
* You can manually create legacy notifications by:

By getting an alert id first and ensuring that your `legacy_notifications/one_action.json` contains a valid action then running this command:
```ts
./post_legacy_notification.sh 3403c0d0-2d44-11ec-b147-3b0c6d563a60
```

* You can export your connector and remove everything and then do an import and you will have everything imported and working with your actions and connector wired up correctly.

### Checklist

- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added
@kibanamachine kibanamachine enabled auto-merge (squash) October 19, 2021 14:45
@kibanamachine kibanamachine mentioned this pull request Oct 19, 2021
Merged
1 task
@kibanamachine
Copy link
Contributor Author

💛 Build succeeded, but was flaky

Test Failures

Kibana Pipeline / general / Performance Tests.x-pack/test/performance/tests/reporting_dashboard·ts.performance reporting dashbaord downloaded PDF has OK status

Link to Jenkins

Standard Out

Failed Tests Reporter:
  - Test has failed 3 times on tracked branches: https://github.com/elastic/kibana/issues/110470

[00:00:00]     │
[00:00:00]       └-: performance
[00:00:00]         └-> "before all" hook in "performance"
[00:00:00]         └-: reporting dashbaord
[00:00:00]           └-> "before all" hook for "downloaded PDF has OK status"
[00:00:00]           └-> "before all" hook for "downloaded PDF has OK status"
[00:00:00]             │ debg resolved import for x-pack/test/performance/kbn_archives/reporting_dashboard to /dev/shm/workspace/parallel/24/kibana/x-pack/test/performance/kbn_archives/reporting_dashboard.json
[00:00:00]             │ info importing 4 saved objects { space: undefined }
[00:00:00]             │ info [o.e.c.m.MetadataMappingService] [node-01] [.kibana_7.16.0_001/NEadSEVPTIKvORYz_xRkGg] update_mapping [_doc]
[00:00:00]             │ info [o.e.c.m.MetadataMappingService] [node-01] [.kibana_7.16.0_001/NEadSEVPTIKvORYz_xRkGg] update_mapping [_doc]
[00:00:00]             │ info [o.e.c.m.MetadataMappingService] [node-01] [.kibana_7.16.0_001/NEadSEVPTIKvORYz_xRkGg] update_mapping [_doc]
[00:00:00]             │ info [o.e.c.m.MetadataMappingService] [node-01] [.kibana_7.16.0_001/NEadSEVPTIKvORYz_xRkGg] update_mapping [_doc]
[00:00:00]             │ info [o.e.c.m.MetadataMappingService] [node-01] [.kibana_7.16.0_001/NEadSEVPTIKvORYz_xRkGg] update_mapping [_doc]
[00:00:00]             │ succ import success
[00:00:00]             │ info [x-pack/test/performance/es_archives/reporting_dashboard] Loading "mappings.json"
[00:00:00]             │ info [x-pack/test/performance/es_archives/reporting_dashboard] Loading "data.json.gz"
[00:00:00]             │ info [o.e.c.m.MetadataCreateIndexService] [node-01] [foo] creating index, cause [api], templates [], shards [1]/[1]
[00:00:00]             │ info [x-pack/test/performance/es_archives/reporting_dashboard] Created index "foo"
[00:00:00]             │ debg [x-pack/test/performance/es_archives/reporting_dashboard] "foo" settings {"index":{"number_of_replicas":"1","number_of_shards":"1"}}
[00:00:02]             │ info [x-pack/test/performance/es_archives/reporting_dashboard] Indexed 10000 docs into "foo"
[00:00:02]           └-> downloaded PDF has OK status
[00:00:02]             └-> "before each" hook: global before each for "downloaded PDF has OK status"
[00:00:02]             │ debg navigating to dashboards url: http://localhost:61241/app/dashboards
[00:00:02]             │ debg navigate to: http://localhost:61241/app/dashboards
[00:00:02]             │ debg browser[INFO] http://localhost:61241/login?next=%2Fapp%2Fdashboards%3F_t%3D1634660422194 281 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-P5polb1UreUSOe5V/Pv7tc+yeZuJXiOi/3fqhGsU7BE='), or a nonce ('nonce-...') is required to enable inline execution.
[00:00:02]             │
[00:00:02]             │ debg browser[INFO] http://localhost:61241/bootstrap.js 41:19 "^ A single error about an inline script not firing due to content security policy is expected!"
[00:00:02]             │ debg ... sleep(700) start
[00:00:03]             │ debg ... sleep(700) end
[00:00:03]             │ debg returned from get, calling refresh
[00:00:04]             │ debg browser[INFO] http://localhost:61241/login?next=%2Fapp%2Fdashboards%3F_t%3D1634660422194 281 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-P5polb1UreUSOe5V/Pv7tc+yeZuJXiOi/3fqhGsU7BE='), or a nonce ('nonce-...') is required to enable inline execution.
[00:00:04]             │
[00:00:04]             │ debg browser[INFO] http://localhost:61241/bootstrap.js 41:19 "^ A single error about an inline script not firing due to content security policy is expected!"
[00:00:05]             │ debg currentUrl = http://localhost:61241/login?next=%2Fapp%2Fdashboards%3F_t%3D1634660422194
[00:00:05]             │          appUrl = http://localhost:61241/app/dashboards
[00:00:05]             │ debg TestSubjects.find(kibanaChrome)
[00:00:05]             │ debg Find.findByCssSelector('[data-test-subj="kibanaChrome"]') with timeout=60000
[00:00:05]             │ debg Found login page
[00:00:05]             │ debg TestSubjects.setValue(loginUsername, test_user)
[00:00:05]             │ debg TestSubjects.click(loginUsername)
[00:00:05]             │ debg Find.clickByCssSelector('[data-test-subj="loginUsername"]') with timeout=10000
[00:00:05]             │ debg Find.findByCssSelector('[data-test-subj="loginUsername"]') with timeout=10000
[00:00:06]             │ warn browser[SEVERE] http://localhost:61241/api/licensing/info - Failed to load resource: the server responded with a status of 401 (Unauthorized)
[00:00:06]             │ debg TestSubjects.setValue(loginPassword, changeme)
[00:00:06]             │ debg TestSubjects.click(loginPassword)
[00:00:06]             │ debg Find.clickByCssSelector('[data-test-subj="loginPassword"]') with timeout=10000
[00:00:06]             │ debg Find.findByCssSelector('[data-test-subj="loginPassword"]') with timeout=10000
[00:00:06]             │ debg TestSubjects.click(loginSubmit)
[00:00:06]             │ debg Find.clickByCssSelector('[data-test-subj="loginSubmit"]') with timeout=10000
[00:00:06]             │ debg Find.findByCssSelector('[data-test-subj="loginSubmit"]') with timeout=10000
[00:00:06]             │ debg Find.waitForDeletedByCssSelector('.kibanaWelcomeLogo') with timeout=10000
[00:00:06]             │ proc [kibana]   log   [16:20:25.992] [info][plugins][routes][security] Logging in with provider "basic" (basic)
[00:00:07]             │ debg Find.findByCssSelector('[data-test-subj="kibanaChrome"]') with timeout=60000
[00:00:07]             │ debg Find.findByCssSelector('[data-test-subj="kibanaChrome"] nav:not(.ng-hide)') with timeout=60000
[00:00:09]             │ debg browser[INFO] http://localhost:61241/app/dashboards?_t=1634660422194 281 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-P5polb1UreUSOe5V/Pv7tc+yeZuJXiOi/3fqhGsU7BE='), or a nonce ('nonce-...') is required to enable inline execution.
[00:00:09]             │
[00:00:09]             │ debg browser[INFO] http://localhost:61241/bootstrap.js 41:19 "^ A single error about an inline script not firing due to content security policy is expected!"
[00:00:10]             │ debg browser[INFO] http://localhost:61241/app/dashboards?_t=1634660429159 281 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-P5polb1UreUSOe5V/Pv7tc+yeZuJXiOi/3fqhGsU7BE='), or a nonce ('nonce-...') is required to enable inline execution.
[00:00:10]             │
[00:00:10]             │ debg browser[INFO] http://localhost:61241/bootstrap.js 41:19 "^ A single error about an inline script not firing due to content security policy is expected!"
[00:00:10]             │ debg Finished login process currentUrl = http://localhost:61241/app/dashboards
[00:00:10]             │ debg ... sleep(501) start
[00:00:11]             │ debg ... sleep(501) end
[00:00:11]             │ debg in navigateTo url = http://localhost:61241/app/dashboards#/list?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-15m,to:now))
[00:00:11]             │ debg --- retry.tryForTime error: URL changed, waiting for it to settle
[00:00:11]             │ debg ... sleep(501) start
[00:00:12]             │ debg ... sleep(501) end
[00:00:12]             │ debg in navigateTo url = http://localhost:61241/app/dashboards#/list?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-15m,to:now))
[00:00:12]             │ debg Waiting up to 20000ms for dashboard landing page...
[00:00:12]             │ debg onDashboardLandingPage
[00:00:12]             │ debg TestSubjects.exists(dashboardLandingPage)
[00:00:12]             │ debg Find.existsByDisplayedByCssSelector('[data-test-subj="dashboardLandingPage"]') with timeout=5000
[00:00:12]             │ debg Load Saved Dashboard dashboard
[00:00:12]             │ debg gotoDashboardLandingPage
[00:00:12]             │ debg onDashboardLandingPage
[00:00:12]             │ debg TestSubjects.exists(dashboardLandingPage)
[00:00:12]             │ debg Find.existsByDisplayedByCssSelector('[data-test-subj="dashboardLandingPage"]') with timeout=5000
[00:00:12]             │ debg searchForItemWithName: dashboard
[00:00:12]             │ debg TestSubjects.find(tableListSearchBox)
[00:00:12]             │ debg Find.findByCssSelector('[data-test-subj="tableListSearchBox"]') with timeout=10000
[00:00:12]             │ debg isGlobalLoadingIndicatorVisible
[00:00:12]             │ debg TestSubjects.exists(globalLoadingIndicator)
[00:00:12]             │ debg Find.existsByDisplayedByCssSelector('[data-test-subj="globalLoadingIndicator"]') with timeout=1500
[00:00:12]             │ debg TestSubjects.exists(globalLoadingIndicator-hidden)
[00:00:12]             │ debg Find.existsByCssSelector('[data-test-subj="globalLoadingIndicator-hidden"]') with timeout=100000
[00:00:15]             │ debg TestSubjects.click(dashboardListingTitleLink-dashboard)
[00:00:15]             │ debg Find.clickByCssSelector('[data-test-subj="dashboardListingTitleLink-dashboard"]') with timeout=10000
[00:00:15]             │ debg Find.findByCssSelector('[data-test-subj="dashboardListingTitleLink-dashboard"]') with timeout=10000
[00:00:15]             │ debg isGlobalLoadingIndicatorVisible
[00:00:15]             │ debg TestSubjects.exists(globalLoadingIndicator)
[00:00:15]             │ debg Find.existsByDisplayedByCssSelector('[data-test-subj="globalLoadingIndicator"]') with timeout=1500
[00:00:15]             │ debg browser[INFO] http://localhost:61241/app/dashboards#/view/37b49c50-2dc6-11eb-8af3-cb3aa84dbabd?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-15m,to:now)) 281 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-P5polb1UreUSOe5V/Pv7tc+yeZuJXiOi/3fqhGsU7BE='), or a nonce ('nonce-...') is required to enable inline execution.
[00:00:15]             │
[00:00:15]             │ debg browser[INFO] http://localhost:61241/bootstrap.js 41:19 "^ A single error about an inline script not firing due to content security policy is expected!"
[00:00:16]             │ debg --- retry.tryForTime error: [data-test-subj="globalLoadingIndicator"] is not displayed
[00:00:17]             │ debg TestSubjects.exists(globalLoadingIndicator-hidden)
[00:00:17]             │ debg Find.existsByCssSelector('[data-test-subj="globalLoadingIndicator-hidden"]') with timeout=100000
[00:00:17]             │ debg TestSubjects.missingOrFail(dashboardLandingPage)
[00:00:17]             │ debg Find.waitForDeletedByCssSelector('[data-test-subj="dashboardLandingPage"]') with timeout=10000
[00:00:18]             │ debg openPdfReportingPanel
[00:00:18]             │ debg openShareMenuItem title:PDF Reports
[00:00:18]             │ debg TestSubjects.exists(shareContextMenu)
[00:00:18]             │ debg Find.existsByDisplayedByCssSelector('[data-test-subj="shareContextMenu"]') with timeout=2500
[00:00:18]             │ info [o.e.c.m.MetadataCreateIndexService] [node-01] [.async-search] creating index, cause [api], templates [], shards [1]/[0]
[00:00:20]             │ debg --- retry.tryForTime error: [data-test-subj="shareContextMenu"] is not displayed
[00:00:20]             │ info [o.e.c.m.MetadataMappingService] [node-01] [.kibana_7.16.0_001/NEadSEVPTIKvORYz_xRkGg] update_mapping [_doc]
[00:00:21]             │ debg TestSubjects.click(shareTopNavButton)
[00:00:21]             │ debg Find.clickByCssSelector('[data-test-subj="shareTopNavButton"]') with timeout=10000
[00:00:21]             │ debg Find.findByCssSelector('[data-test-subj="shareTopNavButton"]') with timeout=10000
[00:00:22]             │ debg Find.findByCssSelector('div.euiContextMenuPanel') with timeout=10000
[00:00:23]             │ debg TestSubjects.click(sharePanel-PDFReports)
[00:00:23]             │ debg Find.clickByCssSelector('[data-test-subj="sharePanel-PDFReports"]') with timeout=10000
[00:00:23]             │ debg Find.findByCssSelector('[data-test-subj="sharePanel-PDFReports"]') with timeout=10000
[00:00:23]             │ debg Find.waitForElementStale with timeout=10000
[00:00:24]             │ debg TestSubjects.click(generateReportButton)
[00:00:24]             │ debg Find.clickByCssSelector('[data-test-subj="generateReportButton"]') with timeout=10000
[00:00:24]             │ debg Find.findByCssSelector('[data-test-subj="generateReportButton"]') with timeout=10000
[00:00:24]             │ info [o.e.c.m.MetadataMappingService] [node-01] [.kibana_7.16.0_001/NEadSEVPTIKvORYz_xRkGg] update_mapping [_doc]
[00:00:24]             │ debg getReportURL
[00:00:24]             │ debg TestSubjects.getAttribute(downloadCompletedReportButton, href, tryTimeout=120000, findTimeout=60000)
[00:00:24]             │ debg TestSubjects.find(downloadCompletedReportButton)
[00:00:24]             │ debg Find.findByCssSelector('[data-test-subj="downloadCompletedReportButton"]') with timeout=60000
[00:01:25]             │ debg --- retry.tryForTime error: Waiting for element to be located By(css selector, [data-test-subj="downloadCompletedReportButton"])
[00:01:25]             │      Wait timed out after 61151ms
[00:01:26]             │ debg TestSubjects.find(downloadCompletedReportButton)
[00:01:26]             │ debg Find.findByCssSelector('[data-test-subj="downloadCompletedReportButton"]') with timeout=60000
[00:02:27]             │ debg --- retry.tryForTime error: Waiting for element to be located By(css selector, [data-test-subj="downloadCompletedReportButton"])
[00:02:27]             │      Wait timed out after 61155ms
[00:02:27]             │ debg Find.findByCssSelector('[data-test-errorText]') with timeout=10000
[00:02:37]             │ info Taking screenshot "/dev/shm/workspace/parallel/24/kibana/x-pack/test/functional/screenshots/failure/performance reporting dashbaord downloaded PDF has OK status.png"
[00:02:37]             │ info Current URL is: http://localhost:61241/app/dashboards#/view/37b49c50-2dc6-11eb-8af3-cb3aa84dbabd?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-15m,to:now))
[00:02:37]             │ info Saving page source to: /dev/shm/workspace/parallel/24/kibana/x-pack/test/performance/failure_debug/html/performance reporting dashbaord downloaded PDF has OK status.html
[00:02:37]             └- ✖ fail: performance reporting dashbaord downloaded PDF has OK status
[00:02:37]             │      TimeoutError: Waiting for element to be located By(css selector, [data-test-errorText])
[00:02:37]             │ Wait timed out after 10058ms
[00:02:37]             │       at /dev/shm/workspace/parallel/24/kibana/node_modules/selenium-webdriver/lib/webdriver.js:842:17
[00:02:37]             │       at runMicrotasks (<anonymous>)
[00:02:37]             │       at processTicksAndRejections (node:internal/process/task_queues:96:5)
[00:02:37]             │ 
[00:02:37]             │

Stack Trace

TimeoutError: Waiting for element to be located By(css selector, [data-test-errorText])
Wait timed out after 10058ms
    at /dev/shm/workspace/parallel/24/kibana/node_modules/selenium-webdriver/lib/webdriver.js:842:17
    at runMicrotasks (<anonymous>)
    at processTicksAndRejections (node:internal/process/task_queues:96:5) {
  remoteStacktrace: ''
}

Metrics [docs]

✅ unchanged

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @FrankHassanabad

@kibanamachine kibanamachine merged commit 33de724 into elastic:7.x Oct 19, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@FrankHassanabad FrankHassanabad

Labels
backport
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kibanamachine @FrankHassanabad