[Alerting] Add deprecation levels for config deprecations #115832

Merged

chrisronline
Contributor

Resolves #115429

@kibanamachine
Contributor

💛 Build succeeded, but was flaky


Test Failures

Kibana Pipeline / general / X-Pack Detection Engine API Integration Tests.x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_threat_matching·ts.detection engine api security and spaces enabled create_threat_matching tests with auditbeat data should be able to execute and get 10 signals when doing a specific query

Link to Jenkins

Standard Out

Failed Tests Reporter:
  - Test has not failed recently on tracked branches

[00:00:00]     │
[00:00:00]       └-: detection engine api security and spaces enabled
[00:00:00]         └-> "before all" hook in "detection engine api security and spaces enabled"
[00:00:00]         └-: 
[00:00:00]           └-> "before all" hook in ""
[00:11:23]           └-: create_threat_matching
[00:11:23]             └-> "before all" hook in "create_threat_matching"
[00:11:36]             └-: tests with auditbeat data
[00:11:36]               └-> "before all" hook for "should be able to execute and get 10 signals when doing a specific query"
[00:11:36]               └-> "before all" hook for "should be able to execute and get 10 signals when doing a specific query"
[00:11:36]                 │ info [x-pack/test/functional/es_archives/auditbeat/hosts] Loading "mappings.json"
[00:11:36]                 │ info [x-pack/test/functional/es_archives/auditbeat/hosts] Loading "data.json.gz"
[00:11:36]                 │ info [o.e.c.m.MetadataCreateIndexService] [node-01] [auditbeat-8.0.0-2019.02.19-000001] creating index, cause [api], templates [], shards [1]/[1]
[00:11:36]                 │ info [x-pack/test/functional/es_archives/auditbeat/hosts] Created index "auditbeat-8.0.0-2019.02.19-000001"
[00:11:37]                 │ info [x-pack/test/functional/es_archives/auditbeat/hosts] Indexed 1751 docs into "auditbeat-8.0.0-2019.02.19-000001"
[00:11:37]                 │ info [x-pack/test/functional/es_archives/auditbeat/hosts] Indexed 1 docs into "winlogbeat-8.0.0-2019.02.19-000001"
[00:11:37]               └-> should be able to execute and get 10 signals when doing a specific query
[00:11:37]                 └-> "before each" hook: global before each for "should be able to execute and get 10 signals when doing a specific query"
[00:11:37]                 └-> "before each" hook for "should be able to execute and get 10 signals when doing a specific query"
[00:11:37]                   │ info [o.e.x.i.a.TransportPutLifecycleAction] [node-01] adding index lifecycle policy [.siem-signals-default]
[00:11:37]                   │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [.siem-signals-default] for index patterns [.siem-signals-default-*]
[00:11:37]                   │ info [o.e.c.m.MetadataCreateIndexService] [node-01] [.siem-signals-default-000001] creating index, cause [api], templates [.siem-signals-default], shards [1]/[1]
[00:11:37]                   │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.siem-signals-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.siem-signals-default]
[00:11:40]                 │ proc [kibana] [2021-10-20T18:27:43.410+00:00][INFO ][plugins.eventLog] event logged: {"@timestamp":"2021-10-20T18:27:43.410Z","event":{"provider":"alerting","action":"execute-start","kind":"alert","category":["siem"],"start":"2021-10-20T18:27:43.410Z"},"kibana":{"saved_objects":[{"rel":"primary","type":"alert","id":"68f83440-31d3-11ec-b3b1-513fcc0daf73","type_id":"siem.signals"}],"task":{"scheduled":"2021-10-20T18:27:41.665Z","schedule_delay":1745000000},"server_uuid":"5b2de169-2785-441b-ae8c-186a1936b17d","version":"8.0.0"},"rule":{"id":"68f83440-31d3-11ec-b3b1-513fcc0daf73","license":"basic","category":"siem.signals","ruleset":"siem"},"message":"alert execution start: \"68f83440-31d3-11ec-b3b1-513fcc0daf73\"","ecs":{"version":"1.8.0"}}
[00:11:41]                 │ proc [kibana] [2021-10-20T18:27:44.698+00:00][INFO ][plugins.eventLog] event logged: {"@timestamp":"2021-10-20T18:27:44.697Z","event":{"provider":"securitySolution.ruleExecution","kind":"event","action":"status-change","sequence":0},"rule":{"id":"68f83440-31d3-11ec-b3b1-513fcc0daf73","name":"Query with a rule id","category":"siem.signals"},"kibana":{"alert":{"rule":{"execution":{"status":"going to run","status_order":10}}},"space_ids":["default"],"saved_objects":[{"rel":"primary","type":"alert","id":"68f83440-31d3-11ec-b3b1-513fcc0daf73"}],"server_uuid":"5b2de169-2785-441b-ae8c-186a1936b17d","version":"8.0.0"},"ecs":{"version":"1.8.0"}}
[00:11:42]                 │ proc [kibana] [2021-10-20T18:27:45.713+00:00][INFO ][plugins.eventLog] event logged: {"@timestamp":"2021-10-20T18:27:45.712Z","event":{"provider":"securitySolution.ruleExecution","kind":"event","action":"status-change","sequence":1},"rule":{"id":"68f83440-31d3-11ec-b3b1-513fcc0daf73","name":"Query with a rule id","category":"siem.signals"},"message":"succeeded","kibana":{"alert":{"rule":{"execution":{"status":"succeeded","status_order":0}}},"space_ids":["default"],"saved_objects":[{"rel":"primary","type":"alert","id":"68f83440-31d3-11ec-b3b1-513fcc0daf73"}],"server_uuid":"5b2de169-2785-441b-ae8c-186a1936b17d","version":"8.0.0"},"ecs":{"version":"1.8.0"}}
[00:11:42]                 │ proc [kibana] [2021-10-20T18:27:45.714+00:00][INFO ][plugins.securitySolution] [+] Finished indexing 88  signals searched between date ranges [
[00:11:42]                 │ proc [kibana]   {
[00:11:42]                 │ proc [kibana]     "to": "2021-10-20T18:27:43.351Z",
[00:11:42]                 │ proc [kibana]     "from": "1900-01-01T00:00:00.000Z",
[00:11:42]                 │ proc [kibana]     "maxSignals": 100
[00:11:42]                 │ proc [kibana]   }
[00:11:42]                 │ proc [kibana] ] name: "Query with a rule id" id: "68f83440-31d3-11ec-b3b1-513fcc0daf73" rule id: "rule-1" signals index: ".siem-signals-default"
[00:11:42]                 │ proc [kibana] [2021-10-20T18:27:45.725+00:00][INFO ][plugins.eventLog] event logged: {"@timestamp":"2021-10-20T18:27:43.410Z","event":{"provider":"alerting","action":"execute","kind":"alert","category":["siem"],"start":"2021-10-20T18:27:43.410Z","outcome":"success","end":"2021-10-20T18:27:45.724Z","duration":2314000000},"kibana":{"saved_objects":[{"rel":"primary","type":"alert","id":"68f83440-31d3-11ec-b3b1-513fcc0daf73","type_id":"siem.signals"}],"task":{"scheduled":"2021-10-20T18:27:41.665Z","schedule_delay":1745000000},"alerting":{"status":"ok"},"server_uuid":"5b2de169-2785-441b-ae8c-186a1936b17d","version":"8.0.0"},"rule":{"id":"68f83440-31d3-11ec-b3b1-513fcc0daf73","license":"basic","category":"siem.signals","ruleset":"siem","name":"Query with a rule id"},"message":"alert executed: siem.signals:68f83440-31d3-11ec-b3b1-513fcc0daf73: 'Query with a rule id'","ecs":{"version":"1.8.0"}}
[00:11:42]                 └- ✖ fail: detection engine api security and spaces enabled  create_threat_matching tests with auditbeat data should be able to execute and get 10 signals when doing a specific query
[00:11:42]                 │      Error: expected undefined to be truthy
[00:11:42]                 │       at Assertion.assert (/dev/shm/workspace/parallel/19/kibana/node_modules/@kbn/expect/expect.js:100:11)
[00:11:42]                 │       at Assertion.ok (/dev/shm/workspace/parallel/19/kibana/node_modules/@kbn/expect/expect.js:122:8)
[00:11:42]                 │       at Function.ok (/dev/shm/workspace/parallel/19/kibana/node_modules/@kbn/expect/expect.js:531:15)
[00:11:42]                 │       at Context.<anonymous> (test/detection_engine_api_integration/security_and_spaces/tests/create_threat_matching.ts:172:43)
[00:11:42]                 │       at runMicrotasks (<anonymous>)
[00:11:42]                 │       at processTicksAndRejections (node:internal/process/task_queues:96:5)
[00:11:42]                 │       at Object.apply (/dev/shm/workspace/parallel/19/kibana/node_modules/@kbn/test/target_node/functional_test_runner/lib/mocha/wrap_function.js:87:16)
[00:11:42]                 │ 
[00:11:42]                 │ 

Stack Trace

Error: expected undefined to be truthy
    at Assertion.assert (/dev/shm/workspace/parallel/19/kibana/node_modules/@kbn/expect/expect.js:100:11)
    at Assertion.ok (/dev/shm/workspace/parallel/19/kibana/node_modules/@kbn/expect/expect.js:122:8)
    at Function.ok (/dev/shm/workspace/parallel/19/kibana/node_modules/@kbn/expect/expect.js:531:15)
    at Context.<anonymous> (test/detection_engine_api_integration/security_and_spaces/tests/create_threat_matching.ts:172:43)
    at runMicrotasks (<anonymous>)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at Object.apply (/dev/shm/workspace/parallel/19/kibana/node_modules/@kbn/test/target_node/functional_test_runner/lib/mocha/wrap_function.js:87:16)

Metrics [docs]

✅ unchanged

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@chrisronline chrisronline self-assigned this Oct 20, 2021
@chrisronline chrisronline added Feature:Actions Feature:Alerting Feature:Task Manager Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) release_note:skip Skip the PR/issue when compiling release notes v8.0.0 labels Oct 20, 2021
@chrisronline chrisronline marked this pull request as ready for review October 20, 2021 20:03
@chrisronline chrisronline requested a review from a team as a code owner October 20, 2021 20:03
@elasticmachine
Contributor

Pinging @elastic/kibana-alerting-services (Team:Alerting Services)

Contributor

@YulNaumenko YulNaumenko left a comment

LGTM

Member

@pmuellr pmuellr left a comment

LGTM, but have to ask: does something "special" happen with critical vs warning level? Thinking back on plugin status unavailable doing some things we did not expect ... :-)

@chrisronline
Contributor Author

@pmuellr Great question! My assumption is critical might show up differently in the Upgrade Assistant, maybe a way to sort/prioritize deprecation warnings for users? cc @pgayvallet

@chrisronline chrisronline merged commit ce54699 into elastic:master Oct 21, 2021
chrisronline added a commit to chrisronline/kibana that referenced this pull request Oct 21, 2021
@chrisronline chrisronline deleted the alerting/deprecation_level branch October 21, 2021 19:56
chrisronline added a commit that referenced this pull request Oct 21, 2021
@pgayvallet
Contributor

does something "special" happen with critical vs warning level?

No, that value only surfaces in the UA interface. This whole level meta is only about improving the end user experience during migrations.

shivindera pushed a commit to shivindera/kibana that referenced this pull request Oct 25, 2021
Labels
Feature:Actions Feature:Alerting Feature:Task Manager release_note:skip Skip the PR/issue when compiling release notes Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) v7.16.0 v8.0.0
Development

Successfully merging this pull request may close these issues.

[Alerting] Explicitly set level for all registered deprecations
6 participants