forked from elastic/kibana
[Monitoring] Added a case for Alerting if security/ssl is disabled (e…
…lastic#71846) (elastic#72297) * Added a case for Alerting if security/ssl is disabled * Code feedback * Fixed types Co-authored-by: igoristic <igor.zaytsev.dev@gmail.com>
1 parent
7589e8e
commit 8d5b16d
Showing
7 changed files
with
216 additions
and
6 deletions.
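--- a/x-pack/plugins/monitoring/public/alerts/lib/security_toasts.tsx
+++ b/x-pack/plugins/monitoring/public/alerts/lib/security_toasts.tsx
@@ -0,0 +1,137 @@
+/*
+* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+* or more contributor license agreements. Licensed under the Elastic License;
+* you may not use this file except in compliance with the Elastic License.
+*/
+
+import React from 'react';
+import { i18n } from '@kbn/i18n';
+import { FormattedMessage } from '@kbn/i18n/react';
+import { EuiSpacer, EuiLink, EuiCode, EuiText } from '@elastic/eui';
+import { Legacy } from '../../legacy_shims';
+import { toMountPoint } from '../../../../../../src/plugins/kibana_react/public';
+
+export interface AlertingFrameworkHealth {
+isSufficientlySecure: boolean;
+hasPermanentEncryptionKey: boolean;
+}
+
+const showTlsAndEncryptionError = () => {
+const { ELASTIC_WEBSITE_URL, DOC_LINK_VERSION } = Legacy.shims.docLinks;
+
+Legacy.shims.toastNotifications.addWarning({
+title: toMountPoint(
+<FormattedMessage
+id="xpack.monitoring.healthCheck.tlsAndEncryptionErrorTitle"
+defaultMessage="Additional setup required"
+/>
+),
+text: toMountPoint(
+<div>
+<p>
+{i18n.translate('xpack.monitoring.healthCheck.tlsAndEncryptionError', {
+defaultMessage: `You must enable Transport Layer Security between Kibana and Elasticsearch
+and configure an encryption key in your kibana.yml file to use the Alerting feature.`,
+})}
+</p>
+<EuiSpacer />
+<EuiLink
+href={`${ELASTIC_WEBSITE_URL}guide/en/kibana/${DOC_LINK_VERSION}/alert-action-settings-kb.html#general-alert-action-settings`}
+external
+target="_blank"
+>
+{i18n.translate('xpack.monitoring.healthCheck.encryptionErrorAction', {
+defaultMessage: 'Learn how.',
+})}
+</EuiLink>
+</div>
+),
+});
+};
+
+const showEncryptionError = () => {
+const { ELASTIC_WEBSITE_URL, DOC_LINK_VERSION } = Legacy.shims.docLinks;
+
+Legacy.shims.toastNotifications.addWarning(
+{
+title: toMountPoint(
+<FormattedMessage
+id="xpack.monitoring.healthCheck.encryptionErrorTitle"
+defaultMessage="You must set an encryption key"
+/>
+),
+text: toMountPoint(
+<div role="banner">
+{i18n.translate('xpack.monitoring.healthCheck.encryptionErrorBeforeKey', {
+defaultMessage: 'To create an alert, set a value for ',
+})}
+<EuiText size="xs">
+<EuiCode>{'xpack.encryptedSavedObjects.encryptionKey'}</EuiCode>
+</EuiText>
+{i18n.translate('xpack.monitoring.healthCheck.encryptionErrorAfterKey', {
+defaultMessage: ' in your kibana.yml file. ',
+})}
+<EuiLink
+href={`${ELASTIC_WEBSITE_URL}guide/en/kibana/${DOC_LINK_VERSION}/alert-action-settings-kb.html#general-alert-action-settings`}
+external
+target="_blank"
+>
+{i18n.translate('xpack.monitoring.healthCheck.encryptionErrorAction', {
+defaultMessage: 'Learn how.',
+})}
+</EuiLink>
+</div>
+),
+},
+{}
+);
+};
+
+const showTlsError = () => {
+const { ELASTIC_WEBSITE_URL, DOC_LINK_VERSION } = Legacy.shims.docLinks;
+
+Legacy.shims.toastNotifications.addWarning({
+title: toMountPoint(
+<FormattedMessage
+id="xpack.monitoring.healthCheck.tlsErrorTitle"
+defaultMessage="You must enable Transport Layer Security"
+/>
+),
+text: toMountPoint(
+<div role="banner">
+{i18n.translate('xpack.monitoring.healthCheck.tlsError', {
+defaultMessage:
+'Alerting relies on API keys, which require TLS between Elasticsearch and Kibana. ',
+})}
+<EuiLink
+href={`${ELASTIC_WEBSITE_URL}guide/en/kibana/${DOC_LINK_VERSION}/configuring-tls.html`}
+external
+target="_blank"
+>
+{i18n.translate('xpack.monitoring.healthCheck.tlsErrorAction', {
+defaultMessage: 'Learn how to enable TLS.',
+})}
+</EuiLink>
+</div>
+),
+});
+};
+
+export const showSecurityToast = (alertingHealth: AlertingFrameworkHealth) => {
+const { isSufficientlySecure, hasPermanentEncryptionKey } = alertingHealth;
+if (
+Array.isArray(alertingHealth) ||
+(!alertingHealth.hasOwnProperty('isSufficientlySecure') &&
+!alertingHealth.hasOwnProperty('hasPermanentEncryptionKey'))
+) {
+return;
+}
+
+if (!isSufficientlySecure && !hasPermanentEncryptionKey) {
+showTlsAndEncryptionError();
+} else if (!isSufficientlySecure) {
+showTlsError();
+} else if (!hasPermanentEncryptionKey) {
+showEncryptionError();
+}
+};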
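Review bot: In `showSecurityToast` the destructuring on the first line runs before the shape guard, so a null or undefined health response throws before the guard can return. The guard also bails out only when both properties are missing. If the response carries just one flag, the other reads as undefined and the user gets a TLS or encryption-key warning that the server never reported. I would check the shape first and require both fields, e.g. `if (!alertingHealth || typeof alertingHealth.isSufficientlySecure !== 'boolean' || typeof alertingHealth.hasPermanentEncryptionKey !== 'boolean') return;`, and destructure only after that line.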
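--- a/x-pack/plugins/monitoring/server/lib/elasticsearch/verify_alerting_security.ts
+++ b/x-pack/plugins/monitoring/server/lib/elasticsearch/verify_alerting_security.ts
@@ -0,0 +1,49 @@
+/*
+* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+* or more contributor license agreements. Licensed under the Elastic License;
+* you may not use this file except in compliance with the Elastic License.
+*/
+
+import { RequestHandlerContext } from 'kibana/server';
+import { EncryptedSavedObjectsPluginSetup } from '../../../../encrypted_saved_objects/server';
+
+export interface AlertingFrameworkHealth {
+isSufficientlySecure: boolean;
+hasPermanentEncryptionKey: boolean;
+}
+
+export interface XPackUsageSecurity {
+security?: {
+enabled?: boolean;
+ssl?: {
+http?: {
+enabled?: boolean;
+};
+};
+};
+}
+
+export class AlertingSecurity {
+public static readonly getSecurityHealth = async (
+context: RequestHandlerContext,
+encryptedSavedObjects: EncryptedSavedObjectsPluginSetup
+): Promise<AlertingFrameworkHealth> => {
+const {
+security: {
+enabled: isSecurityEnabled = false,
+ssl: { http: { enabled: isTLSEnabled = false } = {} } = {},
+} = {},
+}: XPackUsageSecurity = await context.core.elasticsearch.legacy.client.callAsInternalUser(
+'transport.request',
+{
+method: 'GET',
+path: '/_xpack/usage',
+}
+);
+
+return {
+isSufficientlySecure: !isSecurityEnabled || (isSecurityEnabled && isTLSEnabled),
+hasPermanentEncryptionKey: !encryptedSavedObjects.usingEphemeralEncryptionKey,
+};
+};
+}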
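Review bot: `isSufficientlySecure` in `getSecurityHealth` fails open when the `/_xpack/usage` response has no `security` section. The destructuring defaults set `isSecurityEnabled` to false, and `!isSecurityEnabled` then makes the flag true, so a partial or unexpected response looks the same as a cluster with security deliberately disabled and no warning is raised. If that equivalence is intended (presumably because API keys are not in play without security), say so in a comment on the return, e.g. `// security disabled => no API keys, so TLS is not required for alerting`; otherwise treat a missing `security` object as unknown rather than disabled. The expression also reduces to `!isSecurityEnabled || isTLSEnabled`.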