[Kibana Management] Add a limit when strings are too long (#186312)

yuliacech · web-flow · commit 31e132bb3036 · 2024-06-27T14:46:54.000+02:00
## Summary This PR adds a validation on the string length on routes that create new objects in ES. Affected routes are: - Create an ingest pipeline - Create an index template and a component template - Create an ILM policy - Create a snapshot repo and policy - Create a remote cluster - Create an auto-follow pattern and a follower index - Create a rollup job ### Checklist Delete any items that are not applicable to this PR. - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [ ] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/)) - [ ] Any UI touched in this PR does not create any new axe failures (run axe in browser: [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/), [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US)) - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [ ] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server)) - [ ] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers) ### Risk Matrix Delete this section if it is not applicable to this PR. Before closing this PR, invite QA, stakeholders, and other developers to identify risks that should be tested prior to the change/feature release. When forming the risk matrix, consider some of the following examples and how they may potentially impact the change: | Risk | Probability | Severity | Mitigation/Notes | |---------------------------|-------------|----------|-------------------------| | Multiple Spaces&mdash;unexpected behavior in non-default Kibana Space. | Low | High | Integration tests will verify that all features are still supported in non-default Kibana Space and when user switches between spaces. | | Multiple nodes&mdash;Elasticsearch polling might have race conditions when multiple Kibana nodes are polling for the same tasks. | High | Low | Tasks are idempotent, so executing them multiple times will not result in logical error, but will degrade performance. To test for this case we add plenty of unit tests around this logic and document manual testing procedure. | | Code should gracefully handle cases when feature X or plugin Y are disabled. | Medium | High | Unit tests will verify that any feature flag or plugin combination still results in our service operational. | | [See more potential risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) | ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
diff --git a/x-pack/plugins/cross_cluster_replication/server/routes/api/auto_follow_pattern/register_create_route.ts b/x-pack/plugins/cross_cluster_replication/server/routes/api/auto_follow_pattern/register_create_route.ts
@@ -20,7 +20,7 @@ export const registerCreateRoute = ({
   lib: { handleEsError },
 }: RouteDependencies) => {
   const bodySchema = schema.object({
-    id: schema.string(),
+    id: schema.string({ maxLength: 1000 }),
     remoteCluster: schema.string(),
     leaderIndexPatterns: schema.arrayOf(schema.string()),
     followIndexPattern: schema.string(),
diff --git a/x-pack/plugins/cross_cluster_replication/server/routes/api/follower_index/register_create_route.ts b/x-pack/plugins/cross_cluster_replication/server/routes/api/follower_index/register_create_route.ts
@@ -21,7 +21,7 @@ export const registerCreateRoute = ({
   lib: { handleEsError },
 }: RouteDependencies) => {
   const bodySchema = schema.object({
-    name: schema.string(),
+    name: schema.string({ maxLength: 1000 }),
     remoteCluster: schema.string(),
     leaderIndex: schema.string(),
     maxReadRequestOperationCount: schema.maybe(schema.number()),
diff --git a/x-pack/plugins/index_lifecycle_management/server/routes/api/policies/register_create_route.ts b/x-pack/plugins/index_lifecycle_management/server/routes/api/policies/register_create_route.ts
@@ -32,7 +32,7 @@ async function createPolicy(
  * We only specify a rough structure based on https://www.elastic.co/guide/en/elasticsearch/reference/current/_actions.html.
  */
 const bodySchema = schema.object({
-  name: schema.string(),
+  name: schema.string({ maxLength: 1000 }),
   deprecated: schema.maybe(schema.boolean()),
   phases: schema.object({
     hot: schema.any(),
diff --git a/x-pack/plugins/index_management/server/routes/api/component_templates/schema_validation.ts b/x-pack/plugins/index_management/server/routes/api/component_templates/schema_validation.ts
@@ -8,7 +8,7 @@
 import { schema } from '@kbn/config-schema';
 
 export const componentTemplateSchema = schema.object({
-  name: schema.string(),
+  name: schema.string({ maxLength: 1000 }),
   template: schema.object({
     settings: schema.maybe(schema.object({}, { unknowns: 'allow' })),
     aliases: schema.maybe(schema.object({}, { unknowns: 'allow' })),
diff --git a/x-pack/plugins/index_management/server/routes/api/enrich_policies/register_create_route.ts b/x-pack/plugins/index_management/server/routes/api/enrich_policies/register_create_route.ts
@@ -17,7 +17,7 @@ import { normalizeFieldsList, getIndices, FieldCapsList, getCommonFields } from
 
 const validationSchema = schema.object({
   policy: schema.object({
-    name: schema.string(),
+    name: schema.string({ maxLength: 1000 }),
     type: schema.oneOf([
       schema.literal('match'),
       schema.literal('range'),
diff --git a/x-pack/plugins/index_management/server/routes/api/templates/validate_schemas.ts b/x-pack/plugins/index_management/server/routes/api/templates/validate_schemas.ts
@@ -8,7 +8,7 @@
 import { schema } from '@kbn/config-schema';
 
 export const templateSchema = schema.object({
-  name: schema.string(),
+  name: schema.string({ maxLength: 1000 }),
   indexPatterns: schema.arrayOf(schema.string()),
   version: schema.maybe(schema.number()),
   order: schema.maybe(schema.number()),
diff --git a/x-pack/plugins/ingest_pipelines/server/routes/api/create.ts b/x-pack/plugins/ingest_pipelines/server/routes/api/create.ts
@@ -14,7 +14,7 @@ import { RouteDependencies } from '../../types';
 import { pipelineSchema } from './shared';
 
 const bodySchema = schema.object({
-  name: schema.string(),
+  name: schema.string({ maxLength: 1000 }),
   ...pipelineSchema,
 });
 
diff --git a/x-pack/plugins/remote_clusters/server/routes/api/add_route.ts b/x-pack/plugins/remote_clusters/server/routes/api/add_route.ts
@@ -17,7 +17,7 @@ import { licensePreRoutingFactory } from '../../lib/license_pre_routing_factory'
 import { RouteDependencies } from '../../types';
 
 const bodyValidation = schema.object({
-  name: schema.string(),
+  name: schema.string({ maxLength: 1000 }),
   skipUnavailable: schema.boolean(),
   mode: schema.oneOf([schema.literal(PROXY_MODE), schema.literal(SNIFF_MODE)]),
   seeds: schema.nullable(schema.arrayOf(schema.string())),
diff --git a/x-pack/plugins/rollup/server/routes/api/jobs/register_create_route.ts b/x-pack/plugins/rollup/server/routes/api/jobs/register_create_route.ts
@@ -21,7 +21,7 @@ export const registerCreateRoute = ({
         body: schema.object({
           job: schema.object(
             {
-              id: schema.string(),
+              id: schema.string({ maxLength: 1000 }),
             },
             { unknowns: 'allow' }
           ),
diff --git a/x-pack/plugins/snapshot_restore/server/routes/api/validate_schemas.ts b/x-pack/plugins/snapshot_restore/server/routes/api/validate_schemas.ts
@@ -53,8 +53,8 @@ export const snapshotListSchema = schema.object({
 });
 
 export const policySchema = schema.object({
-  name: schema.string(),
-  snapshotName: schema.string(),
+  name: schema.string({ maxLength: 1000 }),
+  snapshotName: schema.string({ maxLength: 1000 }),
   schedule: schema.string(),
   repository: schema.string(),
   config: schema.maybe(snapshotConfigSchema),
@@ -66,7 +66,7 @@ export const policySchema = schema.object({
 const fsRepositorySettings = schema.object({ location: schema.string() }, { unknowns: 'allow' });
 
 const fsRepositorySchema = schema.object({
-  name: schema.string(),
+  name: schema.string({ maxLength: 1000 }),
   type: schema.string(),
   settings: fsRepositorySettings,
 });
@@ -76,7 +76,7 @@ const readOnlyRepositorySettings = schema.object({
 });
 
 const readOnlyRepository = schema.object({
-  name: schema.string(),
+  name: schema.string({ maxLength: 1000 }),
   type: schema.string(),
   settings: readOnlyRepositorySettings,
 });
@@ -85,7 +85,7 @@ const readOnlyRepository = schema.object({
 const s3RepositorySettings = schema.object({ bucket: schema.string() }, { unknowns: 'allow' });
 
 const s3Repository = schema.object({
-  name: schema.string(),
+  name: schema.string({ maxLength: 1000 }),
   type: schema.string(),
   settings: s3RepositorySettings,
 });
@@ -100,15 +100,15 @@ const hdsRepositorySettings = schema.object(
 );
 
 const hdsfRepository = schema.object({
-  name: schema.string(),
+  name: schema.string({ maxLength: 1000 }),
   type: schema.string(),
   settings: hdsRepositorySettings,
 });
 
 const azureRepositorySettings = schema.object({}, { unknowns: 'allow' });
 
 const azureRepository = schema.object({
-  name: schema.string(),
+  name: schema.string({ maxLength: 1000 }),
   type: schema.string(),
   settings: azureRepositorySettings,
 });
@@ -117,13 +117,13 @@ const azureRepository = schema.object({
 const gcsRepositorySettings = schema.object({ bucket: schema.string() }, { unknowns: 'allow' });
 
 const gcsRepository = schema.object({
-  name: schema.string(),
+  name: schema.string({ maxLength: 1000 }),
   type: schema.string(),
   settings: gcsRepositorySettings,
 });
 
 const sourceRepository = schema.object({
-  name: schema.string(),
+  name: schema.string({ maxLength: 1000 }),
   type: schema.string(),
   settings: schema.oneOf([
     fsRepositorySettings,
diff --git a/x-pack/test/api_integration/apis/management/ingest_pipelines/ingest_pipelines.ts b/x-pack/test/api_integration/apis/management/ingest_pipelines/ingest_pipelines.ts
@@ -70,6 +70,17 @@ export default function ({ getService }: FtrProviderContext) {
           message: `There is already a pipeline with name '${name}'.`,
         });
       });
+
+      it(`doesn't allow to create a pipeline with a too long name`, async () => {
+        const pipelineRequestBody = {
+          name: 'testtesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttesttest1',
+        };
+        await supertest
+          .post(ingestPipelines.fixtures.apiBasePath)
+          .set('kbn-xsrf', 'xxx')
+          .send(pipelineRequestBody)
+          .expect(400);
+      });
     });
 
     describe('Update', () => {

Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,7 @@ export const registerCreateRoute = ({`
`21`	`21`	`body: schema.object({`
`22`	`22`	`job: schema.object(`
`23`	`23`	`{`
`24`		`- id: schema.string(),`
	`24`	`+ id: schema.string({ maxLength: 1000 }),`
`25`	`25`	`},`
`26`	`26`	`{ unknowns: 'allow' }`
`27`	`27`	`),`