-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Alerting] Export rules and connectors #98802
[Alerting] Export rules and connectors #98802
Conversation
… object feature privilege
…ing/export-rules-and-connectors
Pinging @elastic/kibana-alerting-services (Team:Alerting Services) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, a few remarks.
const savedObjectImportableAndExportableHiddenTypes = registry | ||
.getImportableAndExportableTypes() | ||
.filter((t) => registry.isHidden(t.name)) | ||
.map((t) => t.name); | ||
|
||
const savedObjectTypes = Array.from( | ||
new Set([...savedObjectVisibleTypes, ...savedObjectImportableAndExportableHiddenTypes]) | ||
); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good catch.
x-pack/plugins/alerting/server/saved_objects/transform_rule_for_export.ts
Outdated
Show resolved
Hide resolved
onExport<RawAction>( | ||
context: SavedObjectsExportTransformContext, | ||
objects: Array<SavedObject<RawAction>> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(Referring to the getTitle
function on top, as comments are not allowed on non-diff lines...)
Ideally, we shouldn't need the object's type to be displayed in its associated title, as it introduces redundancy in some parts of the SOM UI.
Now, the main SOM table is only using an (EUI) icon to display the type associated with each object. Is there an icon associated with rules
and connectors
in the EUI library? If so, you could add them via the management.icon
property of the types.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@pgayvallet Discussed with @mdefazio and we currently don't have dedicated icons for rules
or connectors
. If we're using the default icon, should we leave Rules:
and Connectors:
in the title?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I guess so. This is low impact and can be changed later anyway, so I think it's fine.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for being flexible. Our concern is associating icons with Rules and Connectors that may also be used elsewhere for different concepts. The viz type icons were created specifically for those types and aren't used for other things (or shouldn't be).
If we want an icon, we will just need to go the route of creating on specifically for this. However, this type column may quickly turn into a lot of different icons and likely need the title to be shown alongside them anyway.
So let's circle back to it in the future and determine if we want to only show the title.
…ing/export-rules-and-connectors
import { SavedObject } from 'kibana/server'; | ||
import { RawAction } from '../types'; | ||
|
||
const CONNECTORS_WITHOUT_SECRETS = ['.index', '.server-log']; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe here we can replace the constants with the dynamic approach to check the action type schema?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@YulNaumenko Great idea! I updated this in this commit 58dfb8a
I ran into the issue where the email and webhook secrets validation does not take into account whether hasAuth
is set to false
inside the connector parameters so in this case, if the secrets validation fails, I'm still checking for the existence of hasAuth
. Do you think that works?
…ing/export-rules-and-connectors
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changes LGTM!
@elasticmachine merge upstream |
…ing/export-rules-and-connectors
….com/ymao1/kibana into alerting/export-rules-and-connectors
Looking good! One thing I noticed: In this scenario, I don't have the right license level to use the connector. Did we build a specific experience to tell the user this at import time? I think what we have now is okay for now (and we could file an issue to improve it in the future) but I wasn't sure if it was supposed to show more |
Also, I have a connector that requires secrets, but I didn't export it. Instead, I just exported a server log connector and I see this:
|
I added a comment to the import issue: #94152 |
Should be fixed now! Unit tests actually caught that one too! 😅 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM! I'm not too familiar with the code yet so I just focused on the functionality. Looks great, nice work!
💚 Build Succeeded
Metrics [docs]
History
To update your PR or re-run it, just comment with: cc @ymao1 |
* Adding importableAndExportable but hidden saved object types to saved object feature privilege * Adding helper function for transforming rule for export. Added audit logging * Adding helper function for transforming rule for export. Added audit logging * Adding unit test for transforming rules for export * Exporting connectors * Removing auditing during export * Adding import/export to docs * PR fixes * Using action type validation onExport * Fixing logic for connectors with optional secrets * Fixing logic for connectors with optional secrets Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
💚 Backport successful
This backport PR will be merged automatically after passing CI. |
* Adding importableAndExportable but hidden saved object types to saved object feature privilege * Adding helper function for transforming rule for export. Added audit logging * Adding helper function for transforming rule for export. Added audit logging * Adding unit test for transforming rules for export * Exporting connectors * Removing auditing during export * Adding import/export to docs * PR fixes * Using action type validation onExport * Fixing logic for connectors with optional secrets * Fixing logic for connectors with optional secrets Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: ymao1 <ying.mao@elastic.co>
…148703) ## Summary - [x] Addresses #118774 - [x] Enable Security Rule to be **imported** even if one of its connectors has a missing secret - [x] Shows **Warning Callout** in the Import Modal when missing secrets connector is imported. - [x] Added Link `connectors` to the connectors page in the same tab, so that the user can fix imported connectors. - [x] Added `Overwrite existing connectors with conflicting action "id"` option to the Import Modal ## Cases: > **Export:** > - Export Rule(s) with connectors through `Export All` or `Bulk Actions` > > **Import:** > - Import Rule with correct connectors data > - Import Rule with missing secrets' connectors by showing a warning callout > - Re-Import connectors even if they were stored when overwrite is true > > **Error:** > - Showing an error message when the user has a Read Actions permission and stops the importing => ` You may not have actions privileges required to import rules with actions ...` > - Showing an error message when the user has an old imported rule missing all the connectors data **OR** these connectors were not in the user's env => `X connector is missing. Connector id missing is: X` > - Showing an error if the new connectors defined in the exported file are not corresponding to the actions array under the rules param => `X connector is missing. Connector id missing is: X` > - **Showing a ` conflict` error in case of existing connectors and re-importing again with an `overwrite` false => this won't happen in case of implementing the `Skipping action-connectors importing if all connectors have been imported/created before`** > > **Skip importing:** > - Skipping action-connectors importing if the `actions` array is empty, even if the user has exported-connectors in the file > - Skipping action-connectors importing if all connectors have been imported/created before > ### Screenshots > > **1. Importing Connectors successfully** > <img width="1219" alt="image" src="https://user-images.githubusercontent.com/12671903/216049657-a313033b-e45e-4c99-b6ca-ed3070f15a97.png"> > > **2. Importing Connectors with warnings** <img width="1208" alt="image" src="https://user-images.githubusercontent.com/12671903/216980057-b5cdfe38-da1b-479b-8cfd-81f16037ff1d.png"> **3.Connector Page** <img width="1701" alt="image" src="https://user-images.githubusercontent.com/12671903/216049911-da29abc8-e20c-49d2-a507-ab382372b4f6.png"> ## New text: @nastasha-solomon **1. Warning message** title => could be ` 1 connector imported` or `x connectors imported` message => ` 1 connector has sensitive information that requires updates. review in connectors` or `x connectors have sensitive information that requires updates. review in connectors` <img width="588" alt="image" src="https://user-images.githubusercontent.com/12671903/216103805-9946b080-07d3-4e8b-93aa-b5e1dcaa415d.png"> **2. New `Overwrite` checkbox** <img width="431" alt="image" src="https://user-images.githubusercontent.com/12671903/216106354-3d435d64-0fa5-467b-90f1-effb2c0aef2a.png"> **3. Success Toast message** <img width="434" alt="image" src="https://user-images.githubusercontent.com/12671903/216104454-2d83744b-efbc-40c1-9e69-7e8b0670dd19.png"> **4. Error messages** a. Missing import action privileges <img width="438" alt="image" src="https://user-images.githubusercontent.com/12671903/216116350-f306d744-eef4-4064-b4f8-e794db4ad78e.png"> b. Missing connectors <img width="353" alt="image" src="https://user-images.githubusercontent.com/12671903/216104979-370f6826-8150-45d5-8724-6ca50f99ad71.png"> <img width="357" alt="image" src="https://user-images.githubusercontent.com/12671903/216106067-e6132a93-d36e-4bdf-b1bf-e6ddd1cf8a4e.png"> - [x] References: Use **getImporter** and **getExporter** from Saved Object [Connectors SO import/export implementation](#98802) , [Kibana-Core confirmation](https://elastic.slack.com/archives/C5TQ33ND8/p1673275186013589 ) - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Resolves #94151
Summary
Adds ability to export rules and connectors from the Saved Objects Management UI.
isMissingSecrets: true
unlessisMissingSecrets
will not be set totrue
hasAuth: false
no secrets, soisMissingSecrets
will not be set totrue
importableAndExportable
to the Saved Object Management feature privilege.How Rules and Connectors show up on Saved Objects Management UI
Checklist
Delete any items that are not applicable to this PR.