[Alerting] Export rules and connectors (elastic#98802)

* Adding importableAndExportable but hidden saved object types to saved object feature privilege * Adding helper function for transforming rule for export. Added audit logging * Adding helper function for transforming rule for export. Added audit logging * Adding unit test for transforming rules for export * Exporting connectors * Removing auditing during export * Adding import/export to docs * PR fixes * Using action type validation onExport * Fixing logic for connectors with optional secrets * Fixing logic for connectors with optional secrets Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
kibanamachine · May 5, 2021 · 909fa63 · 909fa63
1 parent 9f9c417
commit 909fa63
Show file tree

Hide file tree

Showing 11 changed files with 495 additions and 7 deletions.
diff --git a/docs/management/action-types.asciidoc b/docs/management/action-types.asciidoc
@@ -106,6 +106,12 @@ New connectors can be created by clicking the *Create connector* button, which w
 [role="screenshot"]
 image::images/connector-select-type.png[Connector select type]
 
+[float]
+[[importing-and-exporting-connectors]]
+=== Importing and exporting connectors
+
+To import and export rules, use the <<managing-saved-objects, Saved Objects Management UI>>.
+
 [float]
 [[create-connectors]]
 === Preconfigured connectors

diff --git a/docs/user/alerting/rule-management.asciidoc b/docs/user/alerting/rule-management.asciidoc
@@ -57,6 +57,12 @@ These operations can also be performed in bulk by multi-selecting rules and clic
 [role="screenshot"]
 image:images/bulk-mute-disable.png[The Manage rules button lets you mute/unmute, enable/disable, and delete in bulk]
 
+[float]
+[[importing-and-exporting-rules]]
+=== Importing and exporting rules
+
+To import and export rules, use the <<managing-saved-objects, Saved Objects Management UI>>.
+
 [float]
 === Required permissions
 

diff --git a/x-pack/plugins/actions/server/plugin.ts b/x-pack/plugins/actions/server/plugin.ts
@@ -181,7 +181,6 @@ export class ActionsPlugin implements Plugin<PluginSetupContract, PluginStartCon
     }
 
     plugins.features.registerKibanaFeature(ACTIONS_FEATURE);
-    setupSavedObjects(core.savedObjects, plugins.encryptedSavedObjects);
 
     this.eventLogService = plugins.eventLog;
     plugins.eventLog.registerProviderActions(EVENT_LOG_PROVIDER, Object.values(EVENT_LOG_ACTIONS));
@@ -228,6 +227,8 @@ export class ActionsPlugin implements Plugin<PluginSetupContract, PluginStartCon
     this.actionExecutor = actionExecutor;
     this.security = plugins.security;
 
+    setupSavedObjects(core.savedObjects, plugins.encryptedSavedObjects, this.actionTypeRegistry!);
+
     registerBuiltInActionTypes({
       logger: this.logger,
       actionTypeRegistry,

diff --git a/x-pack/plugins/actions/server/saved_objects/index.ts b/x-pack/plugins/actions/server/saved_objects/index.ts
@@ -5,20 +5,27 @@
  * 2.0.
  */
 
-import { SavedObject, SavedObjectsServiceSetup } from 'kibana/server';
+import {
+  SavedObject,
+  SavedObjectsExportTransformContext,
+  SavedObjectsServiceSetup,
+} from 'kibana/server';
 import { EncryptedSavedObjectsPluginSetup } from '../../../encrypted_saved_objects/server';
 import mappings from './mappings.json';
 import { getMigrations } from './migrations';
 import { RawAction } from '../types';
 import { getImportResultMessage, GO_TO_CONNECTORS_BUTTON_LABLE } from './get_import_result_message';
+import { transformConnectorsForExport } from './transform_connectors_for_export';
+import { ActionTypeRegistry } from '../action_type_registry';
 
 export const ACTION_SAVED_OBJECT_TYPE = 'action';
 export const ALERT_SAVED_OBJECT_TYPE = 'alert';
 export const ACTION_TASK_PARAMS_SAVED_OBJECT_TYPE = 'action_task_params';
 
 export function setupSavedObjects(
   savedObjects: SavedObjectsServiceSetup,
-  encryptedSavedObjects: EncryptedSavedObjectsPluginSetup
+  encryptedSavedObjects: EncryptedSavedObjectsPluginSetup,
+  actionTypeRegistry: ActionTypeRegistry
 ) {
   savedObjects.registerType({
     name: ACTION_SAVED_OBJECT_TYPE,
@@ -32,6 +39,12 @@ export function setupSavedObjects(
       getTitle(obj) {
         return `Connector: [${obj.attributes.name}]`;
       },
+      onExport<RawAction>(
+        context: SavedObjectsExportTransformContext,
+        objects: Array<SavedObject<RawAction>>
+      ) {
+        return transformConnectorsForExport(objects, actionTypeRegistry);
+      },
       onImport(connectors) {
         return {
           warnings: [

diff --git a/x-pack/plugins/actions/server/saved_objects/transform_connectors_for_export.test.ts b/x-pack/plugins/actions/server/saved_objects/transform_connectors_for_export.test.ts
@@ -0,0 +1,253 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { transformConnectorsForExport } from './transform_connectors_for_export';
+import { ActionTypeRegistry, ActionTypeRegistryOpts } from '../action_type_registry';
+import { loggingSystemMock } from '../../../../../src/core/server/mocks';
+import { actionsConfigMock } from '../actions_config.mock';
+import { licensingMock } from '../../../licensing/server/mocks';
+import { licenseStateMock } from '../lib/license_state.mock';
+import { taskManagerMock } from '../../../task_manager/server/mocks';
+import { ActionExecutor, TaskRunnerFactory } from '../lib';
+import { registerBuiltInActionTypes } from '../builtin_action_types';
+
+describe('transform connector for export', () => {
+  const actionTypeRegistryParams: ActionTypeRegistryOpts = {
+    licensing: licensingMock.createSetup(),
+    taskManager: taskManagerMock.createSetup(),
+    taskRunnerFactory: new TaskRunnerFactory(new ActionExecutor({ isESOCanEncrypt: true })),
+    actionsConfigUtils: actionsConfigMock.create(),
+    licenseState: licenseStateMock.create(),
+    preconfiguredActions: [],
+  };
+  const actionTypeRegistry: ActionTypeRegistry = new ActionTypeRegistry(actionTypeRegistryParams);
+
+  registerBuiltInActionTypes({
+    logger: loggingSystemMock.create().get(),
+    actionTypeRegistry,
+    actionsConfigUtils: actionsConfigMock.create(),
+  });
+
+  const connectorsWithNoSecrets = [
+    {
+      id: '1',
+      type: 'action',
+      attributes: {
+        actionTypeId: '.email',
+        name: 'email connector without auth',
+        isMissingSecrets: false,
+        config: {
+          hasAuth: false,
+          from: 'me@me.com',
+          host: 'host',
+          port: 22,
+          service: null,
+          secure: null,
+        },
+        secrets: 'asbqw4tqbef',
+      },
+      references: [],
+    },
+    {
+      id: '2',
+      type: 'action',
+      attributes: {
+        actionTypeId: '.index',
+        name: 'index connector',
+        isMissingSecrets: false,
+        config: {
+          index: 'test-index',
+          refresh: false,
+          executionTimeField: null,
+        },
+        secrets: 'asbqw4tqbef',
+      },
+      references: [],
+    },
+    {
+      id: '3',
+      type: 'action',
+      attributes: {
+        actionTypeId: '.server-log',
+        name: 'server log connector',
+        isMissingSecrets: false,
+        config: {},
+        secrets: 'asbqw4tqbef',
+      },
+      references: [],
+    },
+    {
+      id: '4',
+      type: 'action',
+      attributes: {
+        actionTypeId: '.webhook',
+        name: 'webhook connector without auth',
+        isMissingSecrets: false,
+        config: {
+          method: 'post',
+          hasAuth: false,
+          url: 'https://webhook',
+          headers: {},
+        },
+        secrets: 'asbqw4tqbef',
+      },
+      references: [],
+    },
+  ];
+  const connectorsWithSecrets = [
+    {
+      id: '1',
+      type: 'action',
+      attributes: {
+        actionTypeId: '.email',
+        name: 'email connector with auth',
+        isMissingSecrets: false,
+        config: {
+          hasAuth: true,
+          from: 'me@me.com',
+          host: 'host',
+          port: 22,
+          service: null,
+          secure: null,
+        },
+        secrets: 'asbqw4tqbef',
+      },
+      references: [],
+    },
+    {
+      id: '2',
+      type: 'action',
+      attributes: {
+        actionTypeId: '.resilient',
+        name: 'resilient connector',
+        isMissingSecrets: false,
+        config: {
+          apiUrl: 'https://resilient',
+          orgId: 'origId',
+        },
+        secrets: 'asbqw4tqbef',
+      },
+      references: [],
+    },
+    {
+      id: '3',
+      type: 'action',
+      attributes: {
+        actionTypeId: '.servicenow',
+        name: 'servicenow itsm connector',
+        isMissingSecrets: false,
+        config: {
+          apiUrl: 'https://servicenow',
+        },
+        secrets: 'asbqw4tqbef',
+      },
+      references: [],
+    },
+    {
+      id: '4',
+      type: 'action',
+      attributes: {
+        actionTypeId: '.pagerduty',
+        name: 'pagerduty connector',
+        isMissingSecrets: false,
+        config: {
+          apiUrl: 'https://pagerduty',
+        },
+        secrets: 'asbqw4tqbef',
+      },
+      references: [],
+    },
+    {
+      id: '5',
+      type: 'action',
+      attributes: {
+        actionTypeId: '.jira',
+        name: 'jira connector',
+        isMissingSecrets: false,
+        config: {
+          apiUrl: 'https://jira',
+          projectKey: 'foo',
+        },
+        secrets: 'asbqw4tqbef',
+      },
+      references: [],
+    },
+    {
+      id: '6',
+      type: 'action',
+      attributes: {
+        actionTypeId: '.teams',
+        name: 'teams connector',
+        isMissingSecrets: false,
+        config: {},
+        secrets: 'asbqw4tqbef',
+      },
+      references: [],
+    },
+    {
+      id: '7',
+      type: 'action',
+      attributes: {
+        actionTypeId: '.slack',
+        name: 'slack connector',
+        isMissingSecrets: false,
+        config: {},
+        secrets: 'asbqw4tqbef',
+      },
+      references: [],
+    },
+    {
+      id: '8',
+      type: 'action',
+      attributes: {
+        actionTypeId: '.servicenow-sir',
+        name: 'servicenow sir connector',
+        isMissingSecrets: false,
+        config: {
+          apiUrl: 'https://servicenow-sir',
+        },
+        secrets: 'asbqw4tqbef',
+      },
+      references: [],
+    },
+    {
+      id: '8',
+      type: 'action',
+      attributes: {
+        actionTypeId: '.webhook',
+        name: 'webhook connector with auth',
+        isMissingSecrets: false,
+        config: {
+          method: 'post',
+          hasAuth: true,
+          url: 'https://webhook',
+          headers: {},
+        },
+        secrets: 'asbqw4tqbef',
+      },
+      references: [],
+    },
+  ];
+
+  it('should not change connectors without secrets', () => {
+    expect(transformConnectorsForExport(connectorsWithNoSecrets, actionTypeRegistry)).toEqual(
+      connectorsWithNoSecrets
+    );
+  });
+
+  it('should remove secrets for connectors with secrets', () => {
+    expect(transformConnectorsForExport(connectorsWithSecrets, actionTypeRegistry)).toEqual(
+      connectorsWithSecrets.map((connector) => ({
+        ...connector,
+        attributes: {
+          ...connector.attributes,
+          isMissingSecrets: true,
+        },
+      }))
+    );
+  });
+});
diff --git a/x-pack/plugins/actions/server/saved_objects/transform_connectors_for_export.ts b/x-pack/plugins/actions/server/saved_objects/transform_connectors_for_export.ts
@@ -0,0 +1,50 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { SavedObject } from 'kibana/server';
+import { ActionTypeRegistry } from '../action_type_registry';
+import { validateSecrets } from '../lib';
+import { RawAction, ActionType } from '../types';
+
+export function transformConnectorsForExport(
+  connectors: SavedObject[],
+  actionTypeRegistry: ActionTypeRegistry
+): Array<SavedObject<RawAction>> {
+  return connectors.map((c) => {
+    const connector = c as SavedObject<RawAction>;
+    return transformConnectorForExport(
+      connector,
+      actionTypeRegistry.get(connector.attributes.actionTypeId)
+    );
+  });
+}
+
+function transformConnectorForExport(
+  connector: SavedObject<RawAction>,
+  actionType: ActionType
+): SavedObject<RawAction> {
+  let isMissingSecrets = false;
+  try {
+    // If connector requires secrets, this will throw an error
+    validateSecrets(actionType, {});
+
+    // If connector has optional (or no) secrets, set isMissingSecrets value to value of hasAuth
+    // If connector doesn't have hasAuth value, default to isMissingSecrets: false
+    isMissingSecrets = (connector?.attributes?.config?.hasAuth as boolean) ?? false;
+  } catch (err) {
+    isMissingSecrets = true;
+  }
+
+  // Skip connectors
+  return {
+    ...connector,
+    attributes: {
+      ...connector.attributes,
+      isMissingSecrets,
+    },
+  };
+}